Results 1 to 4 of 4

Thread: multi-node commercial certificate installation?

  1. #1
    Join Date
    May 2008
    Location
    Taiwan
    Posts
    296
    Rep Power
    7

    Default multi-node commercial certificate installation?

    Dear All,

    i'm reading two wiki articles for certificate installation.

    CLI zmtlsctl to set Web Server Mode - Zimbra :: Wiki
    Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    and in second article, it doesn't include the "multi-node commercial certificate", i'm wonder if it's same as single-node commercial certificate installation???

    any advice?
    Thanks.

  2. #2
    Join Date
    May 2010
    Posts
    35
    Rep Power
    5

    Default

    We had a really interesting experience learning the exact steps for a multi-node commercial certificate install.

    First of all, our csr includes the Common Name of webmail.ourdomain.com, and in the Subject Alt Names we list all of our server names (ldap1.ourdomain.com,ldap2.,mta1.,mta2.,store1., etc.) as well as the names we give to our users (webmail.ourdomain.com, smtp.ourdomain.com, imap.ourdomain.com, etc).

    With that csr we purchased our certificate from Geotrust and after a bit of trial and error, realized these steps work flawlessly:

    In /tmp place:
    ca.crt (downloaded from Geotrust website)
    ca_intermediary.crt (downloaded from Geotrust website)
    commercial.crt (purchased from Geotrust)

    In /opt/zimbra/ssl/zimbra/commercial place:
    commercial.key
    commercial.csr
    (these are originally from the server the csr was created on, both were created when we generated the csr)

    cat /tmp/ca.crt /tmp/ca_intermediary.crt > /tmp/ca_chain.crt

    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt

    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt

    zmcontrol stop
    zmcontrol start

    We performed these steps on each of the servers and we were up and running.

    Thanks,

    Eric

  3. #3
    Join Date
    Jun 2010
    Posts
    198
    Rep Power
    5

    Default

    Hey...

    thanks for sharing the info.... and happy that all worked out for you.....


  4. #4
    Join Date
    Jul 2009
    Posts
    51
    Rep Power
    6

    Default

    Hi,

    I also want to install a commercial certificate. I also want to know

    I think first of all we need the below

    su - zimbra
    zmtlsctl mixed

    Am I right?


    In /tmp place:
    ca.crt (downloaded from Geotrust website)
    ca_intermediary.crt (downloaded from Geotrust website)

    I searched ca.crt and ca_intermediary.crt from Geotrust website to download. I could NOT find it.
    How to download? can you provide links for them?


    In /opt/zimbra/ssl/zimbra/commercial place:
    commercial.key
    commercial.csr

    (these are originally from the server the csr was created on, both were created when we generated the csr)

    I think given below is the command for it ? Am I right?

    /opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=CA/L=Sunnyvale/O=Yahoo/OU=Zimbra Collaboration Suite" -subjectAltNames host.example.com


    Pls help me to go ahead?

Similar Threads

  1. [SOLVED] Deploy new commercial certificate
    By CrypTom in forum Administrators
    Replies: 1
    Last Post: 07-30-2010, 12:16 AM
  2. persistent errors comodo ssl certificate installation
    By ITelligencia in forum Installation
    Replies: 1
    Last Post: 12-10-2009, 11:23 AM
  3. Problem with Commercial Certificate in 5.0.9 GA
    By bibo in forum Administrators
    Replies: 3
    Last Post: 09-17-2008, 07:03 AM
  4. Replies: 1
    Last Post: 06-17-2008, 07:08 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •