Thread: [SOLVED] ZCS 5.0.19 - Creating self signed CA and certificate - SOLVED

  1. #1
    friedl

    VALID FOR: Release 5.0.19_GA_3083.RHEL5_64_20090918162340 CentOS5_64 FOSS edition

    I wanted to create a self-signed CA which is valid for more than one year and then create a server certificate with SubjectAltNames.

    First we need to fix some zmcertmgr bugs, so it really does what we want it to:

    Code:
    # cd /tmp
    # wget ftp://ftp.fl.priv.at/pub/zimbra/patches/5.0.19/patch-zmcertmgr
    # cd /
    # patch -p0 --verbose < /tmp/patch-zmcertmgr

    Create the CA with a validity of 10 years and check its certificate (run as root):

    Code:
    # rm -f /opt/zimbra/ssl/zimbra/ca/index.txt*
    # touch /opt/zimbra/ssl/zimbra/ca/index.txt
    # /opt/zimbra/bin/zmcertmgr createca -new -days 3650 \
    -subject "/C=AT/ST=N\/A/L=N\/A/O=MYORG/OU=Zimbra CA/CN=server.domain.com"
    # openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -noout -text | \
    grep "\(Not Before:\|After :\)\|\(Issuer:\)"

    Create a Server Certificate which is valid for 3 years and test it (run as root):

    Code:
    # /opt/zimbra/bin/zmcertmgr createcrt -new -days 1095 -subject \
    "/C=AT/ST=N\/A/L=N\/A/O=MYORG/OU=IT/CN=server.domain.com" -subjectAltNames \
    "server.domain.com,webmail.domain.com"
    # openssl x509 -in /opt/zimbra/ssl/zimbra/server/server.crt -noout -text

    Finally install the certificate and check that Zimbra is using the correct one (run as root):

    Code:
    # /opt/zimbra/bin/zmcertmgr deploycrt
    # /opt/zimbra/bin/zmcertmgr viewdeployedcrt

    Don't forget to restart ZCS.
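
The checks that post #1 does by eye with `openssl x509 -text`, as an added example that is not part of the thread or of Zimbra's tooling: it tests the remaining lifetime of both certificates, that the server certificate verifies against the new CA, and that each expected name is an exact subjectAltName entry. The function names are made up for this example; the default paths are the ones used in the post.

```shell
#!/bin/sh
# Added example: sanity checks for the CA and server certificate created above.
# Function names are hypothetical; the default paths are taken from the post.
CA=${CA:-/opt/zimbra/ssl/zimbra/ca/ca.pem}
CRT=${CRT:-/opt/zimbra/ssl/zimbra/server/server.crt}

# True if the certificate in $1 is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# True if $1 lists $2 as an exact dNSName in its subjectAltName extension.
# -Fx forces a whole-entry match, so "domain.com" does not match
# "DNS:server.domain.com".
cert_has_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# True if certificate $2 verifies against CA file $1. The output is matched
# rather than trusting the exit status alone, which older OpenSSL releases
# did not set reliably on verification failure.
issued_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Run all checks; prints one line per failed check, returns non-zero on failure.
# Usage: check_certs MIN_CA_DAYS MIN_CRT_DAYS NAME...
check_certs() {
    ca_days=$1; crt_days=$2; shift 2; rc=0
    valid_for_days "$CA" "$ca_days"   || { echo "CA expires within $ca_days days"; rc=1; }
    valid_for_days "$CRT" "$crt_days" || { echo "server cert expires within $crt_days days"; rc=1; }
    issued_by "$CA" "$CRT"            || { echo "server cert not signed by $CA"; rc=1; }
    for name in "$@"; do
        cert_has_san "$CRT" "$name"   || { echo "SAN missing: $name"; rc=1; }
    done
    return $rc
}
```

Run as root right after `createcrt`, for example `check_certs 3649 1094 server.domain.com webmail.domain.com`; a silent return with status 0 means every check passed.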

  2. #2
    veronica

    Cannot retrieve the patch. Seems permission denied:-

    ftp> get patch-zmcertmgr
    local: patch-zmcertmgr remote: patch-zmcertmgr
    local: patch-zmcertmgr: Permission denied

  3. #3
    friedl

    Hi!

    It's definitely working on my side:
    fl@host:/tmp> wget ftp://ftp.fl.priv.at/pub/zimbra/patc...atch-zmcertmgr
    --2009-11-03 11:07:30-- ftp://ftp.fl.priv.at/pub/zimbra/patc...atch-zmcertmgr
    => `patch-zmcertmgr'
    Resolving ftp.fl.priv.at... 91.209.75.53
    Connecting to ftp.fl.priv.at|91.209.75.53|:21... connected.
    Logging in as anonymous ... Logged in!
    ==> SYST ... done. ==> PWD ... done.
    ==> TYPE I ... done. ==> CWD /pub/zimbra/patches/5.0.19 ... done.
    ==> SIZE patch-zmcertmgr ... 2065
    ==> PASV ... done. ==> RETR patch-zmcertmgr ... done.
    Length: 2065 (2.0K)

    100%[================================================== ===========================================>] 2,065 --.-K/s in 0.002s

    2009-11-03 11:07:32 (1.10 MB/s) - `patch-zmcertmgr' saved [2065]

    Try to click on the link above to see that it's working.

    If you are behind a firewall make sure you use passive mode ftp.
