  #1 (permalink)  
Old 03-15-2007, 06:09 PM
New Member
 
Posts: 4
Commercial wildcard certificates

The Commercial Certificate document is a little confusing as it is but has anyone had any luck using this document to install a wildcard SSL cert? I have a wildcard cert that I would like to install but it also requires that a CA cert be imported somehow and I can't really find enough documentation about keytool to know how one would approach this problem.

Thanks for any help/pointers.
  #2 (permalink)  
Old 04-20-2007, 05:25 PM
Junior Member
 
Posts: 7

I too have this question. I haven't installed the cert yet because it appears WM5 devices don't like wildcard certs? Are there special instructions though on the installation? I don't need the CSR step, right?

-Chris
  #3 (permalink)  
Old 04-23-2007, 04:44 AM
Elite Member
 
Posts: 371

Quote:
Originally Posted by strandtc
I too have this question. I haven't installed the cert yet because it appears WM5 devices don't like wildcard certs? Are there special instructions though on the installation? I don't need the CSR step, right?

-Chris

Hi Chris,
I had the same issues and put a link to the solution here:
WildCard Certificates
also:
http://wiki.zimbra.com/index.php?tit...e_Device_Setup
  #4 (permalink)  
Old 04-23-2007, 05:04 AM
Elite Member
 
Posts: 371
quick and nasty script

Quote:
Originally Posted by nvalentine
The Commercial Certificate document is a little confusing as it is but has anyone had any luck using this document to install a wildcard SSL cert? I have a wildcard cert that I would like to install but it also requires that a CA cert be imported somehow and I can't really find enough documentation about keytool to know how one would approach this problem.

Thanks for any help/pointers.

Did a quick and nasty script to do this:

Run this from the directory your certificates are in ON A TEST SERVER!!!
Update request_domain to be your own domain.

It works for me with a certificate from http://certs.ipsca.com/ (which is free to .edu's).
Check out http://certs.ipsca.com/support/CSRJakarta-Tomcat.asp first.

NO WARRANTY on this RUN AT YOUR OWN RISK!

Please debug this before using

Code:
################################################################################################################
# set the domain
################################################################################################################
request_domain='email.mydomain.com'

################################################################################################################
# copy the ssl files to tmp so user zimbra can access them
# (owned by zimbra and closed to group/other, so other local users cannot
#  read or replace the staged keystore and certificates)
################################################################################################################
mkdir -p /tmp/ssl
cp -f * /tmp/ssl
chown -R zimbra /tmp/ssl
chmod -R u=rwX,go= /tmp/ssl

################################################################################################################
# NB: THE ORDER is important
################################################################################################################


###########################################################################################################
# update apache-tomcat cert
################################################################################################################
su - zimbra -c 'echo y |keytool -import -alias root -keystore /tmp/ssl/'$request_domain'.keystore -trustcacerts -file /tmp/ssl/root_der.cer -storepass zimbra'
su - zimbra -c 'keytool -import -alias chain -keystore /tmp/ssl/'$request_domain'.keystore -trustcacerts -file /tmp/ssl/chain_der.cer -storepass zimbra'
su - zimbra -c 'keytool -import -alias tomcat -keystore /tmp/ssl/'$request_domain'.keystore -trustcacerts -file /tmp/ssl/'$request_domain'.p7b -storepass zimbra'
#use this keystore in /opt/zimbra/tomcat/conf/keystore (/opt/zimbra/tomcat/conf/server.xml uses this)
su - zimbra -c 'cp -f /opt/zimbra/tomcat/conf/keystore /opt/zimbra/tomcat/conf/keystore.old'
su - zimbra -c 'cp -f /tmp/ssl/'$request_domain'.keystore /opt/zimbra/tomcat/conf/keystore'

###########################################################################################################
# update java cert (ca will fail without this!) 
################################################################################################################
chmod a+w /opt/zimbra/java/jre/lib/security/cacerts
cp -f /opt/zimbra/java/jre/lib/security/cacerts  /opt/zimbra/java/jre/lib/security/cacerts.old
su - zimbra -c 'keytool -delete -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit'
su - zimbra -c 'keytool -delete -alias chain -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit'
su - zimbra -c 'keytool -delete -alias tomcat -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit'

su - zimbra -c 'echo y |keytool -import -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -file /tmp/ssl/root_der.cer -trustcacerts -storepass changeit'
su - zimbra -c 'keytool -import -alias chain -keystore /opt/zimbra/java/jre/lib/security/cacerts -file /tmp/ssl/chain_der.cer -trustcacerts -storepass changeit'
su - zimbra -c 'keytool -import -alias tomcat -keystore /opt/zimbra/java/jre/lib/security/cacerts -file /tmp/ssl/'$request_domain'.cer -trustcacerts -storepass changeit'
chmod a-w /opt/zimbra/java/jre/lib/security/cacerts

su - zimbra -c 'tomcat restart'

################################################################################################################
#remove tmp ssl files 
################################################################################################################
rm -rf /tmp/ssl

################################################################################################################
#To Update the login use:
################################################################################################################
su - zimbra -c 'zmtlsctl mixed' # or 'zmtlsctl https'
su - zimbra -c 'tomcat restart'
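
An added example, not part of the original post: a preflight and staging helper for the script above. It checks that the five input files the script reads are present and non-empty, then copies them into a fresh mktemp directory closed to other users instead of a shared /tmp/ssl. The function names and the default zimbra owner argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow the script above;
# the function names are hypothetical.

# cert_inputs DOMAIN: the files the import script reads.
cert_inputs() {
    echo "root_der.cer chain_der.cer $1.p7b $1.cer $1.keystore"
}

# check_cert_inputs DIR DOMAIN: fail if any input is missing or empty.
check_cert_inputs() {
    dir=$1; missing=0
    for f in $(cert_inputs "$2"); do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f" >&2
            missing=1
        fi
    done
    return "$missing"
}

# is_private PATH: fail if anything under PATH has a group or other permission bit.
is_private() {
    [ -z "$(find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# stage_certs DIR DOMAIN [OWNER]: copy the inputs into a fresh private
# directory and print its path. OWNER defaults to zimbra (assumption).
stage_certs() {
    src=$1; domain=$2; owner=${3:-zimbra}
    check_cert_inputs "$src" "$domain" || return 1
    stage=$(mktemp -d "${TMPDIR:-/tmp}/ssl.XXXXXX") || return 1
    for f in $(cert_inputs "$domain"); do
        cp -f "$src/$f" "$stage/" || return 1
    done
    chmod -R u=rwX,go= "$stage" || return 1
    # Hand the copy to the service account only when run as root and it exists.
    if [ "$(id -u)" -eq 0 ] && id "$owner" >/dev/null 2>&1; then
        chown -R "$owner" "$stage" || return 1
    fi
    is_private "$stage" || return 1
    echo "$stage"
}
```

To use it with the script above, set stage=$(stage_certs . "$request_domain") and substitute $stage for /tmp/ssl in the keytool and cp lines.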