[SOLVED] how to install separate external SSL certificate?
Hey, hi, All,
Hope this finds you all healthy, wealthy, wise.
I have been a Zimbra admin for a handful of years & feel like I know it fairly well, and I have installed a number of certificates (thawte, geotrust, caCert, etc), but this situation is new to me.
We have the following files here:
(all the above files on the mail server were generated using openSSL by hand)
And processed through GeoTrust. Now we need to install this in to Zimbra. I have read a dozen threads herein but I have not yet come across a thread that talks about doing this. I hope I am missing it & someone can point me at an URL with the steps & I'll be done in 10 minutes.
However, if not, I am hoping that someone can lend me a hand, please, thank you, on how to go about installing this certificate in to Zimbra without using the keystore as the source of the original CSR.
I would need to some how get the request in to the store & then get the cert' in to the store afterward (since we did not create the request from the keystore).
Thanks so much. Much appreciated.
I just did this the other day
with a wildcard cert from Equifax (think it is same as GeoTrust), and no CSR from the Zimbra server (it didnt' seem to be needed). I followed this:
Installing a GeoTrust Commercial Certificate - Zimbra :: Wiki
your "ca.pem" might be the same as the Equifax cert mentioned below, dunno, just telling you what I did. You could try renaming the ca.pem to commercial_ca.crt and see if they match in the first zmcertmgr command listed below. I also rename the files from what you have, to match the instructions... I think this process automatically looks for the private key in a file in that directory called "commercial.key".
- in the /opt/zimbra/ssl/zimbra/commercial directory....
- wget https://www.geotrust.com/resources/r..._Authority.cer
- mv Equifax_Secure_Certificate_Authority.cer commercial_ca.crt
- mv cert.pem commercial.crt
- mv server.key commercial.key
- (as root) /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.crt commercial_ca.crt
- if all reports as matching....
- (as root) /opt/zimbra/bin/zmcertmgr deploycrt commercial.crt commercial_ca.crt