Results 1 to 5 of 5

Thread: Renew Certificate

  1. #1
    winston6071 is offline Intermediate Member
    Join Date
    Jun 2012
    Posts
    17
    Rep Power
    3

    Default Renew Certificate

    Hello!

    I already tried some searching in here, but maybe overread it so sorry if its adouble post...

    i have a commercial certificate installed on my zimbra 8.0.5 version.
    because my certificate is running out, my provider sent me a new CRT file, so whats the best way to update this now ?

    in the gui somehow or on the command line ?

    thanks in advance

    cheers

  2. #2
    jorgedelacruz.es is offline Special Member
    Join Date
    May 2014
    Location
    Madrid
    Posts
    171
    Rep Power
    1

    Default

    Hi winston6071,
    Please follow these steps - Instalar un Certificado SSL comercial en nuestro servidor Zimbra » Blog de Jorge de la Cruz please look into the last steps. Do you have the last csr and private key, the same from the last time?

    Best regards

  3. #3
    winston6071 is offline Intermediate Member
    Join Date
    Jun 2012
    Posts
    17
    Rep Power
    3

    Default

    Quote Originally Posted by jorgedelacruz.es View Post
    Hi winston6071,
    Please follow these steps - Instalar un Certificado SSL comercial en nuestro servidor Zimbra » Blog de Jorge de la Cruz please look into the last steps. Do you have the last csr and private key, the same from the last time?

    Best regards
    Hey thanks for Answer!

    the Problem is i got 2 files one is called
    STAR_mydomain_com.ca-bundle
    and the other one
    STAR_mydomain_com.crt

    so the only thing to do is using this command ?

    zimbra@vps:/opt/zimbra/ssl/zimbra/commercial# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt STAR_mydomain_com.crt

    do i need this command after the above ?
    zimbra@vps:/opt/zimbra/ssl/zimbra/commercial# /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt

    and yes i have the former used csr and key files ... ???

    -----
    i can remember i combined some files last time to make it work ... but i am not sure which ones ....
    1. maybe i have to combine the bundle file with the crt file and then use the command below
    2. or do i have to combine the old csr file with the old key file and with the new STAR_mydomain_com.crt file

    /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt STAR_mydomain_com_combined_file.crt

    have to be precise dont wanna screw up my production server :-)

  4. #4
    chauvetp is offline Elite Member
    Join Date
    Apr 2008
    Location
    New Paltz, NY
    Posts
    333
    Rep Power
    7

    Default

    Create your commercial-ca.crt file as follows: (this is for a Comodo, which it appears your cert may be from as well):
    cat /tmp/AddTrustExternalCARoot.crt /tmp/STAR_mydomain.com.ca-bundle > /tmp/commercial-ca.crt

    Then, make sure your private kjey file is stored as /opt/zimbra/ssl/zimbra/commercial/commercial.key

    The following is the command I used when I renewed certs last:
    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/STAR_mydomain_com.crt /tmp/commercial-ca.crt
    ---
    Paul Chauvet
    State University of New York at New Paltz

  5. #5
    winston6071 is offline Intermediate Member
    Join Date
    Jun 2012
    Posts
    17
    Rep Power
    3

    Default

    Thanks guys you brought some light into this too.
    To give back the consolidated info to the forum, to have a way to go, hopefully clear and easy to understand.

    Update as we did it now, which is quite the same people wrote here too, so thanks for your help guys :

    1. key files from last CSR request do not exist:
    if you do not have the former used key file from the last CSR request, you need to to the whole thing again create the CSR and request a kompletely new ZERT from your CA... and copy all the files into the "/opt/zimbra/ssl/zimbra/commercial/" directory if not already there --> You can do this in Admin GUI as well i think. Interesting link

    2. former used key and priv files exist JUST UPDATING:
    If you do have the existing .key file which was used for the last csr generating for the certificate, you might just do the following.
    the files are still in in the directory "/opt/zimbra/ssl/zimbra/commercial/commercial.key" so no action needed.

    - do the following:

    write this file :
    Intermediate (domain.ca-bundle -- STAR_domain_com.ca-bundle received from ca after renew of cert ZIP file -- )
    and write this file :
    Root-CA (AddTrustxxxx.crt -- Comodo Root CA, download from COMODO --)
    after each other into one file:

    cat files into >> cabundle.pem

    write this file :
    Domain-certificate into: ( -- STAR_domainname_com.crt received from CA ZIP file -- )

    cat > domain.pem

    verify certificate-Chain with openssl:
    /opt/zimbra/openssl/bin/openssl verify -CAfile cabundle.pem domain.pem

    import certificate into Zimbra:
    /opt/zimbra/bin/zmcertmgr deploycrt comm domain.pem cabundle.pem

    restart Zimbra

    hope this helps someone else who is doing this as seldomly as I am :-) and thus never knows which file means what :-)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. How to Renew SSL certificate in Zimbra Opensource 7.1.
    By shabbir mansuri in forum Administrators
    Replies: 4
    Last Post: 09-06-2012, 01:48 AM
  2. Certificate security warning after renew
    By gnoul in forum Administrators
    Replies: 1
    Last Post: 08-23-2010, 09:48 PM
  3. [SOLVED] Problem with certificate renew
    By bibo in forum Administrators
    Replies: 1
    Last Post: 02-12-2010, 04:13 AM
  4. Renew a certificate
    By Billy in forum Administrators
    Replies: 3
    Last Post: 09-07-2009, 02:20 AM
  5. Renew of GoDaddy SSL Certificate
    By phatbyte in forum Administrators
    Replies: 4
    Last Post: 10-07-2008, 09:15 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •