Results 1 to 1 of 1

Thread: not able to extend duration for self signed certificate

  1. #1
    Join Date
    Dec 2007
    Posts
    445
    Rep Power
    7

    Default not able to extend duration for self signed certificate

    Hi Guys,

    I am trying to regenerate self- signed certificate with 3650 days but still its keep showing me 365 days...

    i refered some post in this forum and came to know that it was hardcoded in script and Bug # 12228 has been raised for the same. IS it still pending or got resolved ??

    I am using 5.0.13 version and followed below steps :


    ################################################## ##

    2. Remove old SSL
    rm -rf /opt/zimbra/ssl
    mkdir /opt/zimbra/ssl
    chown zimbra:zimbra /opt/zimbra/ssl

    3. Remove the self-signed root certificate from the cacerts keystore and mailboxd keysore
    chmod 644 /opt/zimbra/java/jre/lib/security/cacerts
    su - zimbra
    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit


    chown zimbra:zimbra /opt/zimbra/mailboxd/etc/keystore
    chmod 644 /opt/zimbra/mailboxd/etc/keystore
    zmlocalconfig -s -m nokey mailboxd_keystore_password
    keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass <new password>

    4. Perform optional stpes if would like to set your hostname as CN

    vi /opt/zimbra/conf/zmssl.cnf.in
    [change section to appear as below]
    0.organizationName = Zimbra
    0.organizationName_default = Zimbra
    # we can do this but it is not needed normally :-)
    #1.organizationName = Second Organization Name (eg, company)
    #1.organizationName_default = World Wide Web Pty Ltd
    organizationalUnitName = Zimbra
    organizationalUnitName_default = Zimbra
    commonName = <put your hostname here -- @@HOSTNAME@@ doesn't seem to work>
    commonName_max = 64
    commonName_default = <put your hostname here -- @@HOSTNAME@@ doesn't seem to work>


    And made below changes :

    default_days = 3650

    5. Create CA ( as root )

    /opt/zimbra/bin/zmcertmgr createca -new

    6.Install Server CA files

    /opt/zimbra/bin/zmcertmgr deployca -localonly

    7. Create the server certificate ( as root )

    /opt/zimbra/bin/zmcertmgr createcrt self -new -days 3650

    8. Install the server certificate


    /opt/zimbra/bin/zmcertmgr deploycrt self

    9. Compare updated LDAP with contents of /opt/zimbra/ssl/ssl/ca ( as zimbra)

    zmprov -l gcf zimbraCertAuthorityKeySelfSigned
    zmprov -l gcf zimbraCertAuthorityCertSelfSigned

    10. Restart Zimbra :

    zmcontrol stop
    zmcontrol start

    /opt/zimbra/bin/zmcertmgr viewdeployedcrt all

    ##################################################


    Please suggest and correct me if i am doing any mistake in above mentioned steps....

    Thanks
    Last edited by chandu; 11-05-2009 at 08:16 AM.

Similar Threads

  1. How to prolong the duration of certificate?
    By marisu in forum Developers
    Replies: 2
    Last Post: 07-03-2009, 02:29 AM
  2. Commercially signed certificate
    By rpc in forum Installation
    Replies: 1
    Last Post: 10-06-2008, 09:24 AM
  3. Installing Commercially signed Certificate.
    By ayush1440 in forum Administrators
    Replies: 2
    Last Post: 09-15-2008, 09:44 PM
  4. Replies: 1
    Last Post: 11-05-2007, 05:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •