Results 1 to 7 of 7

Thread: Location of certificates in Zimbra

  1. #1
    alnet is offline Junior Member
    Join Date
    Apr 2014
    Posts
    5
    Rep Power
    1

    Question Location of certificates in Zimbra

    Hey there!

    First off, I am using Zimbra 8.0.6 (CE) using CentOS 6. I am an avid fan of Zimbra and really spreading the word. Kudos for all your work!

    I have one (tiny) issue I need resolved. I am using puppet to deploy certificates to all the servers, which will be placed as files on the server, so on my Mailserver. So I have a .key and .crt for Zimbra. I am just hellish curious on how to insert those certs from the command line, or even better, get the location of the crt and key files which are in use by Zimbra.

    A find revealed:

    Code:
    ./.saveconfig/slapd.crt
    ./.saveconfig/8.0.5_GA_5839.RHEL6_64-20130910123908.x86_64/0/slapd.crt
    ./.saveconfig/8.0.5_GA_5839.RHEL6_64-20130910123908.x86_64/0/smtpd.crt
    ./.saveconfig/smtpd.crt
    ./.saveconfig/nginx.crt
    ./curl-7.31.0/share/curl/ca-bundle.crt
    ./conf/slapd.crt
    ./conf/smtpd.crt
    ./conf/nginx.crt
    ./ssl/zimbra.20130618133858/server/server.crt
    ./ssl/zimbra/commercial/commercial.crt
    ./ssl/zimbra/commercial/commercial_ca.crt
    ./ssl/zimbra/server/server.crt
    ./ssl/zimbra.20130618131840/zimbra/server/server.crt
    ./ssl/zimbra.20130618131840/server/server.crt
    ./ssl/zimbra.20130618141045/commercial/commercial_ca.crt
    ./ssl/zimbra.20130618141045/server/server.crt
    ./ssl/zimbra.20130618131848/zimbra/server/server.crt
    ./ssl/zimbra.20130618131848/server/server.crt

    I did install a certificate via the webinterface, and grep'ed a string from that cert through all those certs, turns out, it was placed here:

    Code:
    ./conf/slapd.crt
    ./conf/smtpd.crt
    ./conf/nginx.crt
    So I replaced those with my new cert, and restarted zimbra via ./zmcontrol stop and restarted the services. The issued certificate in the browser was still the old one, not the replaced one.

    I can only assume Zimbra somehow imports those files into a mysterious database and works from there.

    Any ssl-zimbra-gurus around that could shed some light on this issue?


    Thanks in advance!
    -Christian.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    You'll find details about certificates and their installation in a wiki search.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    alnet is offline Junior Member
    Join Date
    Apr 2014
    Posts
    5
    Rep Power
    1

    Default

    Hey,

    thanks for the reply --
    I searched that, but the majority of those links are for ancient versions (5.x). The only clue I could find is:

    "The private key must exist in the /opt/zimbra/ssl/zimbra/commercial directory, and must be named commercial.key with its permission set to 740
    The server certificate and the chain certificate files must exist in a temp directory. (E.g. /root/certs/)
    The chain certificate files must be concatenated into one file called commercial_ca.crt"
    As I wrote above, replacing those files and restarting the server resulted in no joy.

    -Chris.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    Quote Originally Posted by alnet View Post
    I searched that, but the majority of those links are for ancient versions (5.x).
    Yes but one of those is a Zimbra Certified document about Certificate installation and it applies to ZCS 8.0.x.

    Quote Originally Posted by alnet View Post
    As I wrote above, replacing those files and restarting the server resulted in no joy.-Chris.
    So are you actually saying that you've followed the install instruction and used the Admin UI wizard or the cli instructions and it doesn't work or did you just replace the files in the Zimbra directories?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    alnet is offline Junior Member
    Join Date
    Apr 2014
    Posts
    5
    Rep Power
    1

    Default

    Quote Originally Posted by phoenix View Post
    So are you actually saying that you've followed the install instructions [...] and it doesn't work or did you just replace the files in the Zimbra directories?
    Like I said: I am trying to figure out a way to place physical files in the filesystem and make zimbra use them (key and crt). My question is not "how to do it the gui way" but rather

    - Where is the correct location for the .key and .crt file?
    - Once placed there, Do I need to do anything else besides restarting?

    Thanks again for your kind help,
    -Christian.

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    Quote Originally Posted by alnet View Post
    Like I said: I am trying to figure out a way to place physical files in the filesystem and make zimbra use them (key and crt).
    That isn't the correct way to do it.

    Quote Originally Posted by alnet View Post
    My question is not "how to do it the gui way" but rather
    What's wrong with using the Certificate wizard or the CLI tools to install the Certificate - either of those would be the correct method not replacing files.
    Last edited by phoenix; 04-12-2014 at 11:44 PM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    alnet is offline Junior Member
    Join Date
    Apr 2014
    Posts
    5
    Rep Power
    1

    Default

    Hey,

    Well, how would I install a .key file to the system via cli? afaik you can only generate a key file and/or import a crt. If importing .key and .crt is possible, maybe I can dirty-hack some sort of shell script... *yuck*

    Thanks again,
    enjoy your weekend
    -Christian

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Renew zimbra certificates
    By vdagost in forum Administrators
    Replies: 0
    Last Post: 10-17-2013, 08:50 AM
  2. Zimbra Desktop with certificates?
    By softwarea in forum General Questions
    Replies: 3
    Last Post: 08-04-2011, 05:11 AM
  3. Zimbra and Client Certificates
    By Seamaster in forum General Questions
    Replies: 0
    Last Post: 07-13-2010, 11:49 PM
  4. Location Autocomplete Failed for appointment location field
    By flyerguybham in forum Administrators
    Replies: 6
    Last Post: 02-08-2010, 03:13 PM
  5. location on zimbra
    By indu in forum Administrators
    Replies: 1
    Last Post: 03-17-2008, 03:53 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •