Results 1 to 4 of 4

Thread: [SOLVED] how to install separate external SSL certificate?

  1. #1
    sjobeck is offline Active Member
    Join Date
    May 2006
    Location
    www.sjobeck.com
    Posts
    41
    Rep Power
    9

    Default [SOLVED] how to install separate external SSL certificate?

    Hey, hi, All,

    Hope this finds you all healthy, wealthy, wise.

    I have been a Zimbra admin for a handful of years & feel like I know it fairly well, and I have installed a number of certificates (thawte, geotrust, caCert, etc), but this situation is new to me.

    We have the following files here:
    req.pem
    server.key
    cert.pem
    ca.pem

    (all the above files on the mail server were generated using openSSL by hand)

    And processed through GeoTrust. Now we need to install this in to Zimbra. I have read a dozen threads herein but I have not yet come across a thread that talks about doing this. I hope I am missing it & someone can point me at an URL with the steps & I'll be done in 10 minutes.

    However, if not, I am hoping that someone can lend me a hand, please, thank you, on how to go about installing this certificate in to Zimbra without using the keystore as the source of the original CSR.

    I would need to some how get the request in to the store & then get the cert' in to the store afterward (since we did not create the request from the keystore).

    Thanks so much. Much appreciated.
    Thanks very much.

    Peace. Love. Linux.

    Jason Sjobeck
    xmpp:jason@sjobeck.com
    *Asterisk Consultant To The Stars *

  2. #2
    gnyce is offline Advanced Member
    Join Date
    Aug 2007
    Location
    outside Philadelphia
    Posts
    214
    Rep Power
    8

    Default I just did this the other day

    with a wildcard cert from Equifax (think it is same as GeoTrust), and no CSR from the Zimbra server (it didnt' seem to be needed). I followed this:

    Installing a GeoTrust Commercial Certificate - Zimbra :: Wiki

    your "ca.pem" might be the same as the Equifax cert mentioned below, dunno, just telling you what I did. You could try renaming the ca.pem to commercial_ca.crt and see if they match in the first zmcertmgr command listed below. I also rename the files from what you have, to match the instructions... I think this process automatically looks for the private key in a file in that directory called "commercial.key".

    - in the /opt/zimbra/ssl/zimbra/commercial directory....
    - wget https://www.geotrust.com/resources/r..._Authority.cer
    - mv Equifax_Secure_Certificate_Authority.cer commercial_ca.crt
    - mv cert.pem commercial.crt
    - mv server.key commercial.key
    - (as root) /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.crt commercial_ca.crt
    - if all reports as matching....
    - (as root) /opt/zimbra/bin/zmcertmgr deploycrt commercial.crt commercial_ca.crt

    good luck

  3. #3
    sjobeck is offline Active Member
    Join Date
    May 2006
    Location
    www.sjobeck.com
    Posts
    41
    Rep Power
    9

    Default

    Thanks so much. Too easy. Making it harder then it was. Simply used "deploycrt" & pointed at my two files & restarted all services & tested & done. Simple. Thanks so much.
    Thanks very much.

    Peace. Love. Linux.

    Jason Sjobeck
    xmpp:jason@sjobeck.com
    *Asterisk Consultant To The Stars *

  4. #4
    blessendor is offline Active Member
    Join Date
    Dec 2009
    Posts
    46
    Rep Power
    5

    Default

    Quote Originally Posted by gnyce View Post
    with a wildcard cert from Equifax (think it is same as GeoTrust), and no CSR from the Zimbra server (it didnt' seem to be needed). I followed this:

    ....
    - (as root) /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.crt commercial_ca.crt
    ...
    good luck

    Thank you. BTW you missed "commercial.key" options.
    Right command is:
    /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt commercial_ca.crt

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. Replies: 5
    Last Post: 04-27-2009, 06:53 PM
  3. [SOLVED] ipsCA SSL Certificate Install Problems (Zimbra 5.0.7)
    By thunder04 in forum General Questions
    Replies: 3
    Last Post: 08-14-2008, 08:50 AM
  4. Replies: 0
    Last Post: 01-15-2008, 01:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •