I am testing ZCS 7.2.1 (64-bit on Ubuntu 10.04) with multiple virtual domain support, let's say domainA.com and domainB.com. I've been able to install certs for the default domain (domainA.com) via the WebGUI / certificates tab.
However, when I try to do the same for the second domain (domainB.com; these are with commercial certificates, BTW), I always get an error about CA/Private key not being correct in the WebGUI.
Through the CLI, I can verify and indeed overwrite my default domain's certs with the 2nd set of CA/Key/Cert files, so I know these files are correct.
1) concatenate the CAs into /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
2) temporarily copy the key file into /opt/zimbra/ssl/zimbra/commercial/commercial.key
3) as root, /opt/zimbra/bin/zmcertmgr deploycrt comm ServerCertificate.cer /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
4) as zimbra, zmcontrol restart
** Verifying ServerCertificate.cer against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (ServerCertificate.cer) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: ServerCertificate.cer: OK
** Copying ServerCertificate.cer to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
cp: `/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are the same file
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
So after restart, when I go to the webmin or to any of the mailstores, I now get the certificate for domainB.com.
However, this just overwrites the default domain certs. I obviously want to get domainA.com certs when I go to e.g. mail.domainA.com or smtp.domainB.com, and domainB.com's certs, when I go to e.g. mail.domainB.com or smtp.domainB.com.
Anybody got any ideas, either why:
1) the WebGUI rejects certs when at CLI they are accepted? I did the same with the second domain as I did with the first, i.e. added the server cert, appended the CA cert to the server cert entry (making sure the ===end=== and ===begin=== were on separate lines) and added the private key to the key entry.
2) how to install via CLI to a second virtual domain, rather than the default?
Thanks in advance!
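
The checks reported in the zmcertmgr output above (certificate and private key match, certificate valid against the CA chain), plus the marker-on-its-own-line condition mentioned for the concatenated CA entry, can be reproduced with plain openssl before any deployment. This is an added example, not part of the original post or Zimbra's own code; the function names, file names and the throwaway test PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks on a certificate set. All function and
# file names are hypothetical; the sample PKI below is constructed test data.

# True when the certificate and the private key carry the same public key.
cert_matches_key() {            # $1 = server cert (PEM), $2 = private key (PEM)
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the bundle holds at least one certificate and no END marker is
# fused to the next BEGIN marker (files concatenated without a newline).
bundle_markers_ok() {           # $1 = concatenated CA bundle (PEM)
    grep -q -e '^-----BEGIN CERTIFICATE-----' "$1" || return 1
    ! grep -q -e '-----END CERTIFICATE-----.*-----BEGIN' "$1"
}

# True when the server certificate chains to a CA in the bundle.
chain_verifies() {              # $1 = CA bundle, $2 = server cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway CA, a server certificate and an unrelated key in $1.
make_constructed_samples() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' >"$d/cnf"
    openssl req -config "$d/cnf" -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Test CA' -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -config "$d/cnf" -new -newkey rsa:2048 -nodes \
        -subj '/CN=mail.domainB.com' -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

# Demo run on the constructed samples.
tmp=$(mktemp -d) && make_constructed_samples "$tmp" || exit 1
cert_matches_key "$tmp/srv.crt" "$tmp/srv.key" && echo "cert/key: match"
cert_matches_key "$tmp/srv.crt" "$tmp/other.key" || echo "cert/other key: mismatch detected"
bundle_markers_ok "$tmp/ca.crt" && echo "CA bundle markers: OK"
chain_verifies "$tmp/ca.crt" "$tmp/srv.crt" && echo "chain: OK"
```

Running the same three functions against the real ServerCertificate.cer, key and concatenated CA file shows which of the three conditions, if any, a rejected upload fails.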