Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page CACert.org - Howto Install Guideline.

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 11-03-2010, 06:11 AM
Loyal Member
  
Posts: 80
Default CACert.org - Howto Install Guideline.
Hi Guys.
After spending about two days on this, I would like to share:

Steps to follow:
0. run as root "keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit"
1. Create youself a cacert username.
2. Create a new certificate through your admin console.
3. copy the contents from /opt/zimbra/ssl/zimbra/commercial/commercial.csr to use as your cacert key (my.crt).
3.a. NOTE: The generated key will be saved as my.crt
4. copy the root/class3 crt files on the main page of cacert.org
5. run the following commands (between the "")
# "keytool -import -alias cacertclass1ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file root.crt"
# "keytool -import -alias cacertclass3ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -import -trustcacerts -file class3.crt"
# "keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file ./my.crt"
# "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./my.crt ./root.crt"
# "/opt/zimbra/bin/zmcertmgr deploycrt comm ./my.crt ./root.crt"


Explenation of commands:
1. imports the root cert.
2. imports the class3 cert.
3. imports the server cert.
4. verify everything is ok.
5. deploys the cert.

then do a:
su - zimbra
zmcontrol restart

Check if everything is ok.

Kind regards
Aubrey Kloppers
Last edited by cyber7; 07-12-2011 at 02:09 AM..
Reply With Quote
  #2 (permalink)  
Old 11-24-2010, 05:36 AM
Loyal Member
  
Posts: 80
Default
Hi Guys

Some notes on this:
When generating a CERT in Zimbra, use wildcard on your domain i.e:
instead of using
- mail.example.com
use
- *.example.com

This will allow you to use multiple names.

I use for internal mail:
mail.example.com
and for external mail:
mymail.example.com

It just makes it easier to manage on my firewall.

Another note:
If you made a mistake and re-generate the cert, you only have to save the my.crt and run:
"/opt/zimbra/bin/zmcertmgr deploycrt comm ./my.crt ./root.crt"

Kind regards
Aubrey Kloppers

Kind regards
Aubrey Kloppers
Reply With Quote
  #3 (permalink)  
Old 11-26-2010, 06:51 PM
Senior Member
  
Posts: 51
Default
I really appreciate your comments.

Thanks,

Pancho
Reply With Quote
  #4 (permalink)  
Old 11-28-2010, 11:37 PM
Loyal Member
  
Posts: 80
Red face
Hi Pancho

It is realy my pleasure! I suffered with this one and found it quite easy if you use the steps outlined.

Kind regards
Aubrey Kloppers
Reply With Quote
  #5 (permalink)  
Old 01-11-2011, 02:17 AM
Loyal Member
  
Posts: 80
Default
Also have a look at:

Ajcody-Notes-SSLCerts - Zimbra :: Wiki

for cert errors and how to fix.

Kind regards
Aubrey Kloppers
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.