However, when I try to do the same for the second domain, (domainB.com; these are with commercial certificates, BTW), I always get an error about CA/Private key not being correct in the webgui.
Through the CLI, I can verify and indeed overwrite my default domain's certs with the 2nd set of CA/Key/Cert files, so I know these files are correct.
1) concatenate the CAs into /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
2) temporarily copy the key file into /opt/zimbra/ssl/zimbra/commercial/commercial.key
3) as root, /opt/zimbra/bin/zmcertmgr deploycrt comm ServerCertificate.cer /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
** Verifying ServerCertificate.cer against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (ServerCertificate.cer) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: ServerCertificate.cer: OK
** Copying ServerCertificate.cer to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
cp: `/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are the same file
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
4) as zimbra, zmcontrol restart
So after restart, when I go to the webmin or to any of the mailstores, I now get the certificate for domainB.com.
However, this just overwrites the default domain certs. I obviously want to get domainA.com certs when I go to e.g. mail.domainA.com or smtp.domainB.com, and domainB.com's certs, when I go to e.g. mail.domainB.com or smtp.domainB.com.
Anybody got any ideas, either why:
1) the WebGUI rejects certs when at CLI they are accepted? I did the same with the second domain as I did with the first, i.e. added the server cert, appended the CA cert to the server cert entry (making sure the ===end=== and ===begin=== were on separate lines) and adding the private key to the key entry.
2) how to install via CLI to a second virtual domain, rather than the default?
Thanks in advance!
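
Added example, not part of the original post and not Zimbra code: a small check for the pasted certificate-plus-CA text described in question 1, reporting PEM BEGIN/END markers that share a line or do not pair up, and blocks whose body is not valid base64. The names `lint_pem` and `sample_block` and the sample data are constructed for illustration.

```python
import base64
import re

# Matches any PEM boundary marker, e.g. -----BEGIN CERTIFICATE-----
MARKER = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")

def lint_pem(text):
    """Return (labels, problems) for pasted PEM text (server cert + CA chain)."""
    labels, problems = [], []
    open_label, body = None, []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        markers = MARKER.findall(line)
        if markers:
            if len(markers) > 1 or MARKER.fullmatch(line) is None:
                problems.append(f"line {num}: PEM marker is not alone on its line")
            for kind, label in markers:
                if kind == "BEGIN":
                    if open_label:
                        problems.append(f"line {num}: BEGIN {label} inside unclosed {open_label}")
                    open_label, body = label, []
                elif open_label != label:
                    problems.append(f"line {num}: END {label} without matching BEGIN")
                    open_label = None
                else:
                    try:
                        base64.b64decode("".join(body), validate=True)
                    except ValueError:
                        problems.append(f"line {num}: {label} body is not valid base64")
                    labels.append(label)
                    open_label = None
        elif line and open_label:
            body.append(line)  # base64 payload line inside the current block
    if open_label:
        problems.append(f"unclosed {open_label} block")
    return labels, problems

def sample_block(label, payload):
    # Constructed placeholder data, not a real certificate or key.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----"

SERVER = sample_block("CERTIFICATE", b"constructed server cert placeholder")
CA = sample_block("CERTIFICATE", b"constructed CA cert placeholder")

if __name__ == "__main__":
    print(lint_pem(SERVER + "\n" + CA))  # markers on separate lines
    print(lint_pem(SERVER + CA))         # END and BEGIN fused on one line
```

This only checks the text layout; whether the certificate, key and CA chain actually belong together is what the `zmcertmgr` verification output above reports.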