Results 1 to 5 of 5

Thread: ZCS: SSL certificates approaching expiration!

  1. #1
    mludwig is offline Senior Member
    Join Date
    Mar 2008
    Posts
    52
    Rep Power
    7

    Default ZCS: SSL certificates approaching expiration!

    Hi,

    in my inbox I have a mail from zimbra which says that the certificates willl expire soon.
    To avoid this, the release notes for 7.1.2 say on page 10 to run these commands:

    Code:
    sudo zmcertmgr createca -new
    sudo zmcertmgr deployca
    sudo zmcertmgr deploycrt self -new
    As this didn't work with the zimbra user I found this thread here in the forum:

    Zimbra user password???

    In this thread phoenix said that the commands could as well be run as root.
    So I did this.

    This is what I did:

    Code:
    root@mail:~#
    root@mail:~# /opt/zimbra/bin/zmcertmgr createca -new
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
    root@mail:~#
    root@mail:~#
    root@mail:~#
    root@mail:~# /opt/zimbra/bin/zmcertmgr deployca
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Saving global config key zimbraCertAuthorityCertSelfSigned...done.
    ** Saving global config key zimbraCertAuthorityKeySelfSigned...done.
    ** Copying CA to /opt/zimbra/conf/ca...done.
    root@mail:~#
    root@mail:~#
    root@mail:~#
    root@mail:~#
    root@mail:~# /opt/zimbra/bin/zmcertmgr deploycrt self -new
    Can't deploy cert for -new.  Unknown service.
    root@mail:~#
    root@mail:~#
    root@mail:~#
    root@mail:~#
    root@mail:~#
    root@mail:~# /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    root@mail:~#
    root@mail:~#
    root@mail:~#
    root@mail:~#
    Is that okay?
    Zimbra is still running, but I'm afraid of the new restart... :-)

    Michael

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,585
    Rep Power
    57

    Default

    Quote Originally Posted by mludwig View Post
    As this didn't work with the zimbra user I found this thread here in the forum:

    Zimbra user password???

    In this thread phoenix said that the commands could as well be run as root.
    You're actually mis-quoting me. For clarification, my comment in that thread was in relation to becoming the Zimbra user not about generating the certificates.

    Quote Originally Posted by mludwig View Post
    Is that okay?
    Zimbra is still running, but I'm afraid of the new restart... :-)
    There should be no problems, for future reference the details of generating the Certificates are here: Administration Console and CLI Certificate Tools - Zimbra :: Wiki
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    mludwig is offline Senior Member
    Join Date
    Mar 2008
    Posts
    52
    Rep Power
    7

    Default

    Hi phoenix, sorry for misquoting you. :-)
    Thank you again for your help and the link to the wiki. :-)

  4. #4
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,585
    Rep Power
    57

    Default

    Quote Originally Posted by mludwig View Post
    Hi phoenix, sorry for misquoting you. :-)
    That's OK, the clarification was just for anyone else reading this thread.

    Quote Originally Posted by mludwig View Post
    Thank you again for your help and the link to the wiki. :-)
    You're welcome.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    mludwig is offline Senior Member
    Join Date
    Mar 2008
    Posts
    52
    Rep Power
    7

    Default

    Good morning,

    it's me again.

    Quote Originally Posted by phoenix View Post
    There should be no problems, [...]
    After the daily restart there were still the old certificates installed in zimbra which were valid till 09/29/2011.


    Quote Originally Posted by phoenix View Post
    for future reference the details of generating the Certificates are here: Administration Console and CLI Certificate Tools - Zimbra :: Wiki
    Taking the new Wiki article as a source of information everything worked fine. Now (after a restart of the system) I have the newly generated certificates running, valid till 2012.
    So that's it, I'm running fine with the new certs now.

    Michael

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Zimbra SSL Certificates Expired
    By madods in forum Administrators
    Replies: 4
    Last Post: 10-04-2010, 02:44 AM
  2. Trouble Sending mail - All Messages deferred!
    By SiteDiscovery in forum Administrators
    Replies: 7
    Last Post: 09-03-2009, 04:52 AM
  3. Replies: 0
    Last Post: 01-15-2008, 01:33 PM
  4. ZCS 3.2 Beta Available
    By KevinH in forum Announcements
    Replies: 31
    Last Post: 07-07-2006, 03:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •