Hello!
I already tried some searching in here, but maybe I overlooked it, so sorry if it's a double post...
I have a commercial certificate installed on my Zimbra 8.0.5 version.
Because my certificate is running out, my provider sent me a new CRT file, so what's the best way to update this now?
In the GUI somehow, or on the command line?
Thanks in advance
Cheers
Renew Certificate
-
- Advanced member
- Posts: 197
- Joined: Sat Sep 13, 2014 3:52 am
- ZCS/ZD Version: Zimbra Collaboration 8.7
Hi winston6071,
Please follow these steps: Instalar un Certificado SSL comercial en nuestro servidor Zimbra » Blog de Jorge de la Cruz. Please look into the last steps. Do you have the last CSR and private key, the same as last time?
Best regards
-
- Posts: 17
- Joined: Sat Sep 13, 2014 2:37 am
Renew Certificate
[quote user="jorgedelacruz.es"]Hi winston6071,
Please follow these steps - Instalar un Certificado SSL comercial en nuestro servidor Zimbra » Blog de Jorge de la Cruz please look into the last steps. Do you have the last csr and private key, the same from the last time?
Best regards[/QUOTE]
Hey, thanks for the answer!
The problem is I got 2 files. One is called
STAR_mydomain_com.ca-bundle
and the other one
STAR_mydomain_com.crt
So is the only thing to do using this command?
zimbra@vps:/opt/zimbra/ssl/zimbra/commercial# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt STAR_mydomain_com.crt
Do I need this command after the above?
zimbra@vps:/opt/zimbra/ssl/zimbra/commercial# /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt
And yes, I have the formerly used CSR and key files ... ???
-----
I can remember I combined some files last time to make it work ... but I am not sure which ones ....
1. Maybe I have to combine the bundle file with the crt file and then use the command below
2. Or do I have to combine the old CSR file with the old key file and with the new STAR_mydomain_com.crt file
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt STAR_mydomain_com_combined_file.crt
I have to be precise, don't wanna screw up my production server
Renew Certificate
Create your commercial-ca.crt file as follows: (this is for a Comodo, which it appears your cert may be from as well):
cat /tmp/AddTrustExternalCARoot.crt /tmp/STAR_mydomain.com.ca-bundle > /tmp/commercial-ca.crt
Then, make sure your private key file is stored as /opt/zimbra/ssl/zimbra/commercial/commercial.key
The following is the command I used when I renewed certs last:
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/STAR_mydomain_com.crt /tmp/commercial-ca.crt
-
- Posts: 17
- Joined: Sat Sep 13, 2014 2:37 am
Renew Certificate
Thanks guys, you brought some light into this too.
To give the consolidated info back to the forum, here is a way to go, hopefully clear and easy to understand.
This is the update as we did it now, which is much the same as what people wrote here too, so thanks for your help guys:
1. Key files from the last CSR request do not exist:
If you do not have the formerly used key file from the last CSR request, you need to do the whole thing again: create the CSR and request a completely new cert from your CA... and copy all the files into the "/opt/zimbra/ssl/zimbra/commercial/" directory if not already there --> You can do this in the Admin GUI as well, I think. Interesting link
2. Formerly used key and priv files exist, JUST UPDATING:
If you do have the existing .key file which was used to generate the last CSR for the certificate, you might just do the following.
The files are still in the directory "/opt/zimbra/ssl/zimbra/commercial/commercial.key", so no action needed.
- Do the following:
Write this file:
Intermediate (domain.ca-bundle -- STAR_domain_com.ca-bundle received from CA after renewal of cert, ZIP file -- )
and write this file:
Root-CA (AddTrustxxxx.crt -- Comodo Root CA, download from COMODO --)
one after the other into one file:
cat STAR_domain_com.ca-bundle AddTrustxxxx.crt > cabundle.pem
Write this file:
Domain certificate into: ( -- STAR_domainname_com.crt received from CA ZIP file -- )
cat STAR_domainname_com.crt > domain.pem
Verify the certificate chain with openssl:
/opt/zimbra/openssl/bin/openssl verify -CAfile cabundle.pem domain.pem
Import the certificate into Zimbra:
/opt/zimbra/bin/zmcertmgr deploycrt comm domain.pem cabundle.pem
Restart Zimbra
Hope this helps someone else who is doing this as seldom as I am and thus never knows which file means what
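A pre-deployment check for the renewal steps in this thread, as an added example that is not part of any post: it confirms that the new certificate belongs to the existing private key, that it chains to the combined bundle, and that it is not about to expire. The function names and the 30-day threshold are assumptions; file paths are passed as arguments.

```sh
#!/bin/sh
# Added example: checks to run before `zmcertmgr deploycrt`. Function names
# and the 30-day threshold are assumptions, not Zimbra's own tooling.
OPENSSL=${OPENSSL:-openssl}   # e.g. /opt/zimbra/openssl/bin/openssl

# True if the certificate ($1) carries the public key of the private key ($2).
cert_matches_key() {
    cert_pub=$("$OPENSSL" x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$("$OPENSSL" pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate ($2) chains to the combined intermediate+root file ($1).
# The printed result is checked rather than relying on the exit status alone.
chain_verifies() {
    "$OPENSSL" verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# True if the certificate ($2) is still valid $1 days from now.
valid_for_days() {
    "$OPENSSL" x509 -in "$2" -noout -checkend $(( $1 * 86400 )) >/dev/null 2>&1
}

# Run all three checks; prints one line and returns non-zero on the first failure.
preflight() {   # $1 = private key, $2 = domain cert, $3 = CA bundle
    cert_matches_key "$2" "$1" || { echo "FAIL: certificate does not match private key"; return 1; }
    chain_verifies "$3" "$2"   || { echo "FAIL: chain does not verify against CA bundle"; return 1; }
    valid_for_days 30 "$2"     || { echo "FAIL: certificate expires within 30 days"; return 1; }
    echo "OK"
}

# Usage: sh preflight.sh commercial.key domain.pem cabundle.pem
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```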