CACert.org - Howto Install Guideline.

Printable View

11-03-2010, 06:11 AM
cyber7

CACert.org - Howto Install Guideline.

Hi Guys.
After spending about two days on this, I would like to share:

Steps to follow:
0. run as root "keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit"
1. Create youself a cacert username.
2. Create a new certificate through your admin console.
3. copy the contents from /opt/zimbra/ssl/zimbra/commercial/commercial.csr to use as your cacert key (my.crt).
3.a. NOTE: The generated key will be saved as my.crt
4. copy the root/class3 crt files on the main page of cacert.org
5. run the following commands (between the "")
# "keytool -import -alias cacertclass1ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file root.crt"
# "keytool -import -alias cacertclass3ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file class3.crt"
# "keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file ./my.crt"
# "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./my.crt ./root.crt"
# "/opt/zimbra/bin/zmcertmgr deploycrt comm ./my.crt ./root.crt"

Explenation of commands:
1. imports the root cert.
2. imports the class3 cert.
3. imports the server cert.
4. verify everything is ok.
5. deploys the cert.

then do a:
su - zimbra
zmcontrol restart

Check if everything is ok.

Kind regards
Aubrey Kloppers
11-24-2010, 05:36 AM
cyber7

Hi Guys

Some notes on this:
When generating a CERT in Zimbra, use wildcard on your domain i.e:
instead of using
- mail.example.com
use
- *.example.com

This will allow you to use multiple names.

I use for internal mail:
mail.example.com
and for external mail:
mymail.example.com

It just makes it easier to manage on my firewall.

Another note:
If you made a mistake and re-generate the cert, you only have to save the my.crt and run:
"/opt/zimbra/bin/zmcertmgr deploycrt comm ./my.crt ./root.crt"

Kind regards
Aubrey Kloppers

Kind regards
Aubrey Kloppers
11-26-2010, 06:51 PM
Panchux

I really appreciate your comments.

Thanks,

Pancho
11-28-2010, 11:37 PM
cyber7

Hi Pancho

It is realy my pleasure! I suffered with this one and found it quite easy if you use the steps outlined.

Kind regards
Aubrey Kloppers
01-11-2011, 02:17 AM
cyber7

Also have a look at:

Ajcody-Notes-SSLCerts - Zimbra :: Wiki

for cert errors and how to fix.

Kind regards
Aubrey Kloppers