Thread: Manual certificate / installation for Godaddy 2048 requirement

  1. #1
    markd is offline Intermediate Member

    I let our certificate expire, due to poor planning, and was not able
    to use the Certificate Tool to generate a new CSR (I assume because
    the cert had expired).

    Tried to generate a CSR using the commercial.key as noted
    in the wiki but I could not find a way to generate a 2048 bit key.

    GoDaddy appears to require a 2048 bit setup hence I decided to try
    brute force and do everything the long way. Here were the steps.

    0) Make a working directory and work out of it, for example.
    mkdir /root/zimbra_cert

    1) Generate a key ( has to have a password initially ?? )
    openssl genrsa -des3 -out zimbra_password.key 2048

    2) remove the password from key file ( use password set in step 1 above )
    openssl rsa -in zimbra_password.key -out zimbra.key

    3) generate CSR ( make sure CN is correct for application etc)
    openssl req -new -key zimbra.key -out zimbra.csr

    4) view and verify CSR values, this is optional step.
    openssl req -noout -text -in zimbra.csr

    5) copy & paste contents of zimbra.csr to godaddy as needed.

    6) download domain_certificate.zip from godaddy as needed.

    7) unzip the file; there should be 2 files, www.domain.com.crt and gd_bundle.crt

    8) make copy of www.domain.com.crt to commercial.crt to make things clean.
    cp www.domain.com.crt commercial.crt

    10) copy new key to zimbra path, MAY want to backup current key first.
    cp zimbra.key /opt/zimbra/ssl/zimbra/commercial/commercial.key

    11) verify crt from working dir or fix the paths below.
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt gd_bundle.crt

    12) if verify step above is okay, deploy certificate.
    /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt gd_bundle.crt

    13) Cross your fingers and read the results of the deployment.

    14) restart zimbra, reboot server etc.

    These steps appear to work for us, using Zimbra 5.0.18 NE (expired lic)
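A check that can be run between steps 8 and 10 above, as an added example that is not part of the original post: it confirms the key really is 2048 bits and that the key, the CSR and the returned certificate all carry the same public key. The function names and the constructed sample files (a self-signed certificate standing in for the CA-issued one) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow the post.

# Modulus size of an unencrypted RSA private key, e.g. 2048.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# SHA-256 of the public key inside a key, CSR or certificate (PEM files).
pubkey_hash() {   # usage: pubkey_hash key|csr|crt FILE
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if the key is at least 2048 bits and the key, CSR and
# certificate all carry the same public key.
check_cert_set() {   # usage: check_cert_set KEY CSR CRT
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "key too small: ${bits:-?} bits"; return 1; }
    k=$(pubkey_hash key "$1") || return 1
    r=$(pubkey_hash csr "$2") || return 1
    c=$(pubkey_hash crt "$3") || return 1
    [ "$k" = "$r" ] || { echo "CSR was not made from this key"; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match this key"; return 1; }
    echo "ok: $bits-bit key matches CSR and certificate"
}

# Constructed sample files; a self-signed certificate stands in for the
# one the CA would return, and other.key is an unrelated key.
make_sample() {   # usage: make_sample DIR
    openssl genrsa -out "$1/zimbra.key" 2048 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    openssl req -new -key "$1/zimbra.key" -subj "/CN=mail.example.test" -out "$1/zimbra.csr"
    openssl x509 -req -in "$1/zimbra.csr" -signkey "$1/zimbra.key" -days 1 \
        -out "$1/commercial.crt" 2>/dev/null
}

d=$(mktemp -d) && make_sample "$d"
check_cert_set "$d/zimbra.key" "$d/zimbra.csr" "$d/commercial.crt"
check_cert_set "$d/other.key" "$d/zimbra.csr" "$d/commercial.crt" || echo "wrong key rejected"
rm -rf "$d"
```

With the real files, run `check_cert_set zimbra.key zimbra.csr commercial.crt` from the working directory before copying the key into the Zimbra path.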

  2. #2
    lewchris is offline Starter Member

    this works great thanks for the info

    Thanks for the info, this works great! I have not found any way of doing this through the GUI. This has worked for me on two servers so far.

  3. #3
    vbn is offline Active Member

    Ditto for us... not sure if it's only with GoDaddy or other providers also. We also deploy GoDaddy the same way; don't even try the quick GUI way.

  4. #4
    markd is offline Intermediate Member

    there may be zimbra tools for this now

    I believe there is another forum discussion in this regard about the
    new Zimbra tools which will allow you to create larger certs.

    Hence, I suggest searching the forums as these steps may be more
    difficult. Of course the new tools are probably Z6.0+.

    Best wishes,

  5. #5
    cedbobking is offline Trained Alumni

    GoDaddy Multi-Domain Certificate

    If anyone needs to install a GoDaddy multi-domain certificate, we did the following when we created the CSR. It seems to be working on our system.

    Code:
    openssl req -new -key zimbra.key -subj "/C=$YOURCOUNTRY/ST=$YOURSTATE/L=$YOURCITY/O=$YOURORG/OU=Zimbra/CN=$DOMAIN1/CN=$DOMAIN2/CN=$DOMAIN3" -out zimbra.csr
    Obviously you should substitute $VARIABLE for a "relevant value", e.g. $DOMAIN1="mydomain.com", $DOMAIN2="zimbra.myotherdomain.org", etc.

    I got the idea from the bottom of this blog post.

    SSL System Howtos and Tutorials

    Hope that helps. We're going to 6 as soon as we can, but apparently not soon enough.
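A way to confirm which host names a CSR actually carries before pasting it to the CA, as an added example that is not part of the original post: it lists the subject commonName values (and any subjectAltName DNS entries, if present) and reports names that are missing. The function names and the constructed sample domains are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread.

# Print every host name a CSR carries: subject commonName values, plus DNS
# entries from a subjectAltName extension if the CSR has one.
csr_names() {   # usage: csr_names CSR
    openssl req -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
    openssl req -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeeds only if every NAME given appears in the CSR; reports the rest.
csr_covers() {   # usage: csr_covers CSR NAME...
    csr=$1; shift
    names=$(csr_names "$csr")
    missing=0
    for want in "$@"; do
        printf '%s\n' "$names" | grep -qxF -- "$want" ||
            { echo "missing from CSR: $want"; missing=1; }
    done
    return "$missing"
}

# Constructed sample: a CSR built with the command form from the post.
make_multi_csr() {   # usage: make_multi_csr DIR
    openssl genrsa -out "$1/zimbra.key" 2048 2>/dev/null
    openssl req -new -key "$1/zimbra.key" \
        -subj "/C=US/O=Example/OU=Zimbra/CN=mail.example.test/CN=zimbra.example.org" \
        -out "$1/zimbra.csr"
}

d=$(mktemp -d) && make_multi_csr "$d"
csr_names "$d/zimbra.csr"
csr_covers "$d/zimbra.csr" mail.example.test webmail.example.test || true
rm -rf "$d"
```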

  6. #6
    rusty is offline Loyal Member

    Thanks so much markd!!!!
