Manual certificate / installation for GoDaddy 2048 requirement
I let our certificate expire, due to poor planning, and was not able
to use the Certificate Tool to generate a new CSR (I assume because the
cert had expired).
Tried to generate a CSR using the commercial.key as noted
in the wiki but I could not find a way to generate a 2048 bit key.
GoDaddy appears to require a 2048 bit setup hence I decided to try
brute force and do everything the long way. Here were the steps.
0) Make a working directory and work out of it, FOR example.
1) Generate a key ( has to have a password initially ?? )
openssl genrsa -des3 -out zimbra_password.key 2048
2) remove the password from key file ( use password set in step 1 above )
openssl rsa -in zimbra_password.key -out zimbra.key
3) generate CSR ( make sure CN is correct for application etc)
openssl req -new -key zimbra.key -out zimbra.csr
4) view and verify CSR values, this is optional step.
openssl req -noout -text -in zimbra.csr
5) copy & paste contents of zimbra.csr to godaddy as needed.
6) download domain_certificate.zip from godaddy as needed.
7) unzip file should be 2 files www.domain.com.crt and gd_bundle.crt
8) make copy of www.domain.com.crt to commercial.crt to make things clean.
cp www.domain.com.crt commercial.crt
10) copy new key to zimbra path, MAY want to backup current key first.
cp zimbra.key /opt/zimbra/ssl/zimbra/commercial/commercial.key
11) verify crt from working dir or fix the paths below.
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt gd_bundle.crt
12) if verify step above is okay, deploy certificate.
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt gd_bundle.crt
13) Cross your fingers and read the results of the deployment.
14) restart zimbra, reboot server etc.
These steps appear to work for us, using Zimbra 5.0.18 NE (expired lic)
This works great, thanks for the info.
Thanks for the info, this works great! I have not found any way of doing this through the GUI. This has worked for me on two servers so far.
Originally Posted by markd
there may be zimbra tools for this now
I believe there is another forum discussion in this regard for the
new zimbra tools which will allow you to create larger certs.
Hence, I suggest searching the forums as these steps may be more
difficult. Of course the new tools are probably Z6.0+.
GoDaddy Multi-Domain Certificate
If anyone needs to install a GoDaddy multi-domain certificate, we did the following when we created the CSR. It seems to be working on our system.
Obviously you should substitute $VARIABLE for a "relevant value", e.g. $DOMAIN1="mydomain.com", $DOMAIN2="zimbra.myotherdomain.org", etc.
openssl req -new -key zimbra.key -subj "/C=$YOURCOUNTRY/ST=$YOURSTATE/L=$YOURCITY/O=$YOURORG/OU=Zimbra/CN=$DOMAIN1/CN=$DOMAIN2/CN=$DOMAIN3" -out zimbra.csr
I got the idea from the bottom of this blog post.
SSL System Howtos and Tutorials
Hope that helps. We're going to 6 as soon as we can, but apparently not soon enough.
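An added example, not part of the thread or of Zimbra's tooling, covering both the manual key/CSR steps in the first post and the multi-domain CSR above: it writes the 2048-bit key unencrypted in one step with owner-only permissions (`openssl genrsa` only encrypts the key when a cipher option such as `-des3` is given), lists every hostname as a DNS subjectAltName, and checks the key size and key/CSR match before anything is sent to the CA. The function names, hostnames and DN fields are constructed placeholders, and whether a CA honours SANs supplied in the CSR is CA-dependent.

```shell
#!/bin/sh
# Added example, not from the thread. Hostnames and DN fields are placeholders.

# make_key KEY: unencrypted 2048-bit RSA key, created readable by owner only.
make_key() {
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null )
}

# make_csr KEY CSR CN [NAME...]: CSR listing CN and each NAME as a DNS SAN.
make_csr() {
    key=$1; csr=$2; cn=$3; shift 3
    cnf=$(mktemp) || return 1
    {
        printf '[req]\nprompt=no\ndistinguished_name=dn\nreq_extensions=ext\n'
        printf '[dn]\nC=US\nO=Example Org\nOU=Zimbra\nCN=%s\n' "$cn"
        printf '[ext]\nsubjectAltName=@alt\n[alt]\n'
        i=1
        for name in "$cn" "$@"; do
            printf 'DNS.%d=%s\n' "$i" "$name"
            i=$((i + 1))
        done
    } > "$cnf"
    openssl req -new -key "$key" -config "$cnf" -out "$csr"; rc=$?
    rm -f "$cnf"
    return "$rc"
}

# key_bits KEY: print the RSA modulus size in bits.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^.*(\([0-9]*\) bit.*$/\1/p' | head -n 1
}

# csr_matches_key KEY CSR: succeed only if the CSR carries this key's public half.
csr_matches_key() {
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# csr_sans CSR: print each DNS subjectAltName on its own line.
csr_sans() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# Usage: make_key zimbra.key && make_csr zimbra.key zimbra.csr mail.example.com zimbra.example.org
```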