Zimbra

kyo · #1 (**permalink**) 03-18-2009, 10:34 PM

First I wanted to say I'm a newbie when it comes to linux, so i'm not sure if this can be done.

Basically I have a wildcard SSL cert for my domain, and it's installed on a windows. Is it possible for me to export it from windows and import it into the box where I have zimbra installed.

My installation of zimbra is installed on SLES 10.2.

Any sugguestion would be greatly appreciated.

jeeves · #2 (**permalink**) 03-19-2009, 03:20 AM

I wud suggest you to verify with the certificate provider regarding the comaptibility(windows and linux). You can then try to install the certificates via the admin console.

Please see this link for more info :

http://wiki.zimbra.com/index.php?tit...tificate_Tools

kyo · #3 (**permalink**) 03-19-2009, 12:07 PM

Quote:

Originally Posted by jeeves

I wud suggest you to verify with the certificate provider regarding the comaptibility(windows and linux). You can then try to install the certificates via the admin console.

Please see this link for more info :

http://wiki.zimbra.com/index.php?tit...tificate_Tools

Unfortunately in the admin console, i cannot just import the certificate. I have to generate a csr request first. Since I'm trying to install an existing cert I dont need to generate a csr.

ewilen · #4 (**permalink**) 03-20-2009, 09:28 PM

I was in a similar situation recently; actually I needed to re-use a cert from an earlier trial NE with a new version of the trial NE. I had partial success using

/opt/zimbra/bin/zmcertmgr deploycrt comm

(Must be run as root.)

See zmcertmgr and Administration Console and CLI Certificate Tools - Zimbra :: Wiki

Where I ran into trouble was with the intermediate and root certs, I believe. The commercial certificate is installed but the cert chain isn't complete as far as a web browser or other client is concerned. I would go back and try again but I've been busy with more pressing matters.

As for exporting a cert from Windows, I know that I've done it in the past. Here's a link that I turned up via a web search: How to export a SSL certificate from Windows 2000 / 2003 server?

However, when I did it in the past, I was importing the cert into another IIS machine. I don't know if the format produced by Windows will be compatible with Zimbra, or if not, whether it can be massaged into the right format.

kyo · #5 (**permalink**) 03-23-2009, 02:49 AM

I have no issue exported the ssl cert from windows. I've even got as far using openssl to convert the certificate format from pfx file to a text, and used it to create a key file, and a cert file for zimbra. I downloaded the certificate chain, and followed the wiki to install the godaddy cert and used cat to combine the chain into one cert file. However I get an error message when I try to use zmcertmgr to deploy the cert, it was related to the cert not matching the csr.

So i'm not sure if it is possible to import a cert into zimbra, without actually first generating a csr request.

ewilen · #6 (**permalink**) 03-23-2009, 03:46 AM

You may be right. When I did the import to Zimbra, I had one or more files scavenged from the previous install; one of them may have had the csr info. I'll try to remember to double check my notes but if I don't followup please pm me.

kyo · #7 (**permalink**) 03-23-2009, 12:26 PM

I was able to finally install the cert, but i created another problem.

So i used openssl to export the key and cert into separate files, commericial.crt and commercial.key

I followed the instructions on the wiki to install the godaddy commericial but i also added the commercial.crt to the cat command.

Then i edited the commercial_ca.crt it generated, it looked like one of my certs didn't end correctly so a space was inserted.

Now the cert is installed and it's working, however when i stopped the service and started it using zmcontrol it prompts for PEM phrase.