Results 1 to 5 of 5

Thread: CACert.org - Howto Install Guideline.

  1. #1
    cyber7 is offline Special Member
    Join Date
    May 2010
    Location
    Cape Town; South Africa
    Posts
    102
    Rep Power
    5

    Default CACert.org - Howto Install Guideline.

    Hi Guys.
    After spending about two days on this, I would like to share:

    Steps to follow:
    0. run as root "keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit"
    1. Create youself a cacert username.
    2. Create a new certificate through your admin console.
    3. copy the contents from /opt/zimbra/ssl/zimbra/commercial/commercial.csr to use as your cacert key (my.crt).
    3.a. NOTE: The generated key will be saved as my.crt
    4. copy the root/class3 crt files on the main page of cacert.org
    5. run the following commands (between the "")
    # "keytool -import -alias cacertclass1ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file root.crt"
    # "keytool -import -alias cacertclass3ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file class3.crt"
    # "keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file ./my.crt"
    # "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./my.crt ./root.crt"
    # "/opt/zimbra/bin/zmcertmgr deploycrt comm ./my.crt ./root.crt"


    Explenation of commands:
    1. imports the root cert.
    2. imports the class3 cert.
    3. imports the server cert.
    4. verify everything is ok.
    5. deploys the cert.

    then do a:
    su - zimbra
    zmcontrol restart

    Check if everything is ok.

    Kind regards
    Aubrey Kloppers
    Last edited by cyber7; 07-12-2011 at 02:09 AM.

  2. #2
    cyber7 is offline Special Member
    Join Date
    May 2010
    Location
    Cape Town; South Africa
    Posts
    102
    Rep Power
    5

    Default

    Hi Guys

    Some notes on this:
    When generating a CERT in Zimbra, use wildcard on your domain i.e:
    instead of using
    - mail.example.com
    use
    - *.example.com

    This will allow you to use multiple names.

    I use for internal mail:
    mail.example.com
    and for external mail:
    mymail.example.com

    It just makes it easier to manage on my firewall.

    Another note:
    If you made a mistake and re-generate the cert, you only have to save the my.crt and run:
    "/opt/zimbra/bin/zmcertmgr deploycrt comm ./my.crt ./root.crt"

    Kind regards
    Aubrey Kloppers

    Kind regards
    Aubrey Kloppers

  3. #3
    Panchux is offline Senior Member
    Join Date
    Aug 2010
    Posts
    54
    Rep Power
    5

    Default

    I really appreciate your comments.

    Thanks,

    Pancho

  4. #4
    cyber7 is offline Special Member
    Join Date
    May 2010
    Location
    Cape Town; South Africa
    Posts
    102
    Rep Power
    5

    Red face

    Hi Pancho

    It is realy my pleasure! I suffered with this one and found it quite easy if you use the steps outlined.

    Kind regards
    Aubrey Kloppers

  5. #5
    cyber7 is offline Special Member
    Join Date
    May 2010
    Location
    Cape Town; South Africa
    Posts
    102
    Rep Power
    5

    Default

    Also have a look at:

    Ajcody-Notes-SSLCerts - Zimbra :: Wiki

    for cert errors and how to fix.

    Kind regards
    Aubrey Kloppers

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 5
    Last Post: 09-21-2009, 04:11 PM
  2. HOWTO: Ubuntu 64bit Install
    By dijichi2 in forum Installation
    Replies: 12
    Last Post: 07-23-2008, 03:33 PM
  3. Replies: 21
    Last Post: 09-27-2007, 11:49 AM
  4. SUSE Linux Enterprise Server 9 NAT Install HOWTO
    By LMStone in forum Installation
    Replies: 0
    Last Post: 11-03-2006, 02:31 PM
  5. Replies: 4
    Last Post: 01-18-2006, 11:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •