[zimbra@shoemasters ~]$ sh -x bin/zmcreatecert
+ CONF=/opt/zimbra/conf
+ TCONF=/opt/zimbra/tomcat/conf
+ B=/opt/zimbra/ssl
+ BASE=/opt/zimbra/ssl/ssl
+ JAVA_HOME=/opt/zimbra/java
+ TOMCAT=/opt/zimbra/tomcat/conf
+ rm -rf /opt/zimbra/ssl/ssl/newCA
+ mkdir -p /opt/zimbra/ssl/ssl/ca
+ mkdir -p /opt/zimbra/ssl/ssl/newCA/newcerts
+ touch /opt/zimbra/ssl/ssl/newCA/index.txt
+ mkdir -p /opt/zimbra/ssl/ssl/cert
+ mkdir -p /opt/zimbra/ssl/ssl/server
+ mkdir -p /opt/zimbra/tomcat/conf
+ getHostInfo
++ /opt/zimbra/bin/zmlocalconfig -m nokey zimbra_server_hostname
+ H=shoemasters.com
+ createConf
+ cat /opt/zimbra/conf/zmssl.cnf.in
+ sed -e s/@@HOSTNAME@@/shoemasters.com/
+ createSerial
+ '[' -f /opt/zimbra/ssl/ssl/ca/ca.srl ']'
++ cat /opt/zimbra/ssl/ssl/ca/ca.srl
+ SER=06
++ expr 06 + 1
+ SER=7
+ '[' 7 -lt 10 ']'
+ SER=07
+ echo 07
+ importCA
+ echo '** Importing CA'
** Importing CA
+ echo
+ keytool -import -noprompt -keystore /opt/zimbra/java/jre/lib/security/cacerts -file /opt/zimbra/ssl/ssl/ca/ca.pem -alias my_ca -storepass changeit
keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
+ createKeyStore
+ echo '** Creating keystore'
** Creating keystore
+ echo
+ rm -f /opt/zimbra/tomcat/conf/keystore
+ keytool -genkey -dname 'CN=shoemasters.com, OU=Zimbra, O=Zimbra, L=NA, S=NA, C=US' -alias tomcat -keyalg RSA -keysize 1024 -keystore /opt/zimbra/tomcat/conf/keystore -storetype JKS -storepass zimbra -keypass zimbra
+ createCertReq
+ echo '** Creating server cert request'
** Creating server cert request
+ echo
+ openssl req -new -nodes -out /opt/zimbra/ssl/ssl/server/server.csr -keyout /opt/zimbra/ssl/ssl/server/server.key -newkey rsa:1024 -config /opt/zimbra/ssl/ssl/zmssl.cnf -batch
Generating a 1024 bit RSA private key
.++++++
............++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
+ keytool -certreq -keyalg RSA -alias tomcat -file /opt/zimbra/ssl/ssl/server/tomcat.csr -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
+ cp /opt/zimbra/ssl/ssl/server/tomcat.csr /tmp/tomcat.csr.9212
+ cat /tmp/tomcat.csr.9212
+ sed -e 's/NEW CERTIFICATE REQUEST/CERTIFICATE REQUEST/'
+ signCertReq
+ echo '** Signing cert request'
** Signing cert request
+ echo
+ openssl ca -out /opt/zimbra/ssl/ssl/server/server.crt -notext -config /opt/zimbra/ssl/ssl/zmssl.cnf -in /opt/zimbra/ssl/ssl/server/server.csr -keyfile /opt/zimbra/ssl/ssl/ca/ca.key -cert /opt/zimbra/ssl/ssl/ca/ca.pem -batch
Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 7 (0x7)
Validity
Not Before: Nov 29 10:29:24 2005 GMT
Not After : Nov 29 10:29:24 2006 GMT
Subject:
countryName = US
stateOrProvinceName = N/A
organizationName = Zimbra Collaboration Suite
commonName = shoemasters.com
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
49:A2:55:5D:6E:53:91:31:70:C6:7C:56:04:6A
2:AC:48 :6C:1D:F9
X509v3 Authority Key Identifier:
DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=shoemasters.com
serial:00
Certificate is to be certified until Nov 29 10:29:24 2006 GMT (365 days)
Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
+ openssl x509 -CA /opt/zimbra/ssl/ssl/ca/ca.pem -CAkey /opt/zimbra/ssl/ssl/ca/ca.key -CAserial /opt/zimbra/ssl/ssl/ca/ca.srl -req -in /opt/zimbra/ssl/ssl/server/tomcat.csr -out /opt/zimbra/ssl/ssl/server/tomcat.crt -days 365
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=shoemasters.com
Getting CA Private Key
unable to write 'random state'
+ cp /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/conf/slapd.crt
+ cp /opt/zimbra/ssl/ssl/server/server.key /opt/zimbra/conf/slapd.key
+ mkdir -p /opt/zimbra/conf/ca
+ cp /opt/zimbra/ssl/ssl/ca/ca.key /opt/zimbra/conf/ca/ca.key
+ cp /opt/zimbra/ssl/ssl/ca/ca.pem /opt/zimbra/conf/ca/ca.pem
Bugzilla
Wiki
Source
Linear Mode
