11-05-2009, 09:05 AM
Elite Member
 
Posts: 314
not able to extend duration for self signed certificate

Hi Guys,

I am trying to regenerate the self-signed certificate with 3650 days, but it still keeps showing me 365 days...

I referred to some posts in this forum and came to know that it was hardcoded in the script and Bug #12228 has been raised for the same. Is it still pending, or has it been resolved?

I am using version 5.0.13 and followed the steps below:


####################################################

2. Remove old SSL
rm -rf /opt/zimbra/ssl
mkdir /opt/zimbra/ssl
chown zimbra:zimbra /opt/zimbra/ssl

3. Remove the self-signed root certificate from the cacerts keystore and mailboxd keystore
chmod 644 /opt/zimbra/java/jre/lib/security/cacerts
su - zimbra
keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit


chown zimbra:zimbra /opt/zimbra/mailboxd/etc/keystore
chmod 644 /opt/zimbra/mailboxd/etc/keystore
zmlocalconfig -s -m nokey mailboxd_keystore_password
keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass <new password>

4. Perform optional steps if you would like to set your hostname as CN

vi /opt/zimbra/conf/zmssl.cnf.in
[change section to appear as below]
0.organizationName = Zimbra
0.organizationName_default = Zimbra
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Zimbra
organizationalUnitName_default = Zimbra
commonName = <put your hostname here -- @@HOSTNAME@@ doesn't seem to work>
commonName_max = 64
commonName_default = <put your hostname here -- @@HOSTNAME@@ doesn't seem to work>


And made the below changes:

default_days = 3650

5. Create CA (as root)

/opt/zimbra/bin/zmcertmgr createca -new

6. Install Server CA files

/opt/zimbra/bin/zmcertmgr deployca -localonly

7. Create the server certificate (as root)

/opt/zimbra/bin/zmcertmgr createcrt self -new -days 3650

8. Install the server certificate


/opt/zimbra/bin/zmcertmgr deploycrt self

9. Compare updated LDAP with contents of /opt/zimbra/ssl/ssl/ca (as zimbra)

zmprov -l gcf zimbraCertAuthorityKeySelfSigned
zmprov -l gcf zimbraCertAuthorityCertSelfSigned

10. Restart Zimbra:

zmcontrol stop
zmcontrol start

/opt/zimbra/bin/zmcertmgr viewdeployedcrt all

##################################################


Please suggest and correct me if I am making any mistake in the above-mentioned steps...

Thanks

Last edited by chandu : 11-05-2009 at 09:16 AM.
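
A check that can be run after the deploy step to see which validity period a certificate actually carries, compared with the value passed to `-days`. This is an added example, not part of the original post or of Zimbra's scripts. It assumes GNU `date` and the two-line output of `openssl x509 -noout -dates`; the sample dates are constructed and the certificate path in the last comment is a placeholder.

```shell
#!/bin/sh
# Added example: confirm the validity period a certificate really carries.
# Input is the two-line output of `openssl x509 -noout -dates`.
# Assumes GNU date (for -d parsing of the openssl date format).

# Print the whole number of days between notBefore and notAfter (read from stdin).
# Returns 2 if either field is missing or cannot be parsed.
cert_validity_days() {
    dates=$(cat)
    nb=$(printf '%s\n' "$dates" | sed -n 's/^notBefore=//p')
    na=$(printf '%s\n' "$dates" | sed -n 's/^notAfter=//p')
    [ -n "$nb" ] && [ -n "$na" ] || return 2
    start=$(date -u -d "$nb" +%s 2>/dev/null) || return 2
    end=$(date -u -d "$na" +%s 2>/dev/null) || return 2
    echo $(( (end - start) / 86400 ))
}

# Compare with the value given to -days: 0 on match, 1 on mismatch, 2 on bad input.
check_validity() {
    expected=$1
    actual=$(cert_validity_days) || return 2
    if [ "$actual" -eq "$expected" ]; then
        echo "OK: certificate is valid for $actual days"
    else
        echo "MISMATCH: requested $expected days, certificate carries $actual"
        return 1
    fi
}

# Constructed sample input (not output from a real server).
SAMPLE_365='notBefore=Nov  5 14:05:00 2009 GMT
notAfter=Nov  5 14:05:00 2010 GMT'
SAMPLE_3650='notBefore=Nov  5 14:05:00 2009 GMT
notAfter=Nov  3 14:05:00 2019 GMT'

printf '%s\n' "$SAMPLE_365"  | check_validity 3650 || true
printf '%s\n' "$SAMPLE_3650" | check_validity 3650 || true

# Against a real file (placeholder path):
#   openssl x509 -noout -dates -in /path/to/server.crt | check_validity 3650
```

Running the same check on both the CA certificate and the server certificate shows which of the two was issued with the shorter lifetime.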