Results 1 to 3 of 3

Thread: Unable to generate proper certificate on 8.0 Open Source edition

  1. #1
    BOFH_007 is offline New Member
    Join Date
    Sep 2012
    Posts
    3
    Rep Power
    2

    Default Unable to generate proper certificate on 8.0 Open Source edition

    Hi,

    I'm completely new here, but this does not mean that I did not read manual or wiki I been trying to generate proper selfsigned certificate for my Z server.

    z4MnL.jpg

    Basically I been trying to avoid those Zimbra Collaboration Server messages shown in certificate. Been following all available guides in wiki, but info there looks outdated, at first I saw that /opt/zimbra/ssl/zimbra/ca/zmssl.cnf is being overwritten when making certificate (not CA) for some reason. Then I managed to bypass that, but still, when CRT is generated and deployed to server, the new certificate with completely different contents inside is being shown to public. Can anyone provide me correct instructions or manual or anything else which could help me make absolutely custom certificate ?

    Thanks,

  2. #2
    BOFH_007 is offline New Member
    Join Date
    Sep 2012
    Posts
    3
    Rep Power
    2

    Default

    Fixed by manually modified some files (I think there must be fe easier way to do that).

  3. #3
    tdslot is offline Active Member
    Join Date
    May 2010
    Posts
    46
    Rep Power
    5

    Default

    Quote Originally Posted by BOFH_007 View Post
    Fixed by manually modified some files (I think there must be fe easier way to do that).
    Here is my workaround.
    Code:
    ################################################################################################################
    # Regenerate SSL Cert
    ################################################################################################################
    su - zimbra -c 'zmcontrol stop'
    rm -rf /opt/zimbra/ssl/*
    rm -rf /opt/zimbra/ssl/.rnd
    /opt/zimbra/java/bin/keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    /opt/zimbra/java/bin/keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `su - zimbra -c 'zmlocalconfig -s -m nokey mailboxd_keystore_password'`
    nano /opt/zimbra/bin/zmcertmgr
    
    # Find line 
    # SUBJECT="/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}" 
    # and change to your company name
    # then find and change you want value days expire cert 
    # validation_days=365
    # save /opt/zimbra/bin/zmcertmgr
    
    /opt/zimbra/bin/zmcertmgr createca -new
    /opt/zimbra/bin/zmcertmgr deployca -localonly
    /opt/zimbra/bin/zmcertmgr createcrt self -new
    /opt/zimbra/bin/zmcertmgr deploycrt self
    
    su - zimbra -c 'zmcontrol start'
    
    /opt/zimbra/bin/zmcertmgr deploycrt self
    /opt/zimbra/bin/zmcertmgr deployca
    
    su - zimbra -c 'zmupdateauthkeys'
    /opt/zimbra/bin/zmcertmgr viewdeployedcrt
    I think it will ok for 8.x versions. Not tested.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 2
    Last Post: 07-21-2011, 01:44 AM
  2. Replies: 2
    Last Post: 04-24-2009, 04:52 PM
  3. bypass certificate in open source edition?
    By bbarrons in forum Installation
    Replies: 5
    Last Post: 11-28-2008, 02:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •