Results 1 to 2 of 2

Thread: [Zimbra ZCS open source] Install commercial SSL certificate for apache

Hybrid View

  1. #1
    Join Date
    Jun 2011
    Posts
    13
    Rep Power
    4

    Default [Zimbra ZCS open source] Install commercial SSL certificate for apache

    Dear members,

    Last week, we've ordered a new commercial SSL certificate for our open source Zimbra 7 environment.

    Therefore, I have 3 files:
    • A csr file for requesting the commercial certificate (generated by the Zimbra web admin interface)
    • Commercial certificate in pem format (contains 1 begin and end certificate entry) (got from our SSL vendor)
    • Commercial certificate chain file in pem format (contains 3 times a begin and end certificate entry) (got from our SSL vendor)


    I've installed them into the web interface of our zimbra environment. After restarting the zimbra service, the new certificate was applied to the admin part (port 7071).

    However, it was not applied to the Apache web server that's being used for serving the webmail (port 443). Apache is still using the old certificate.

    I've taken a look into /etc/httpd/conf.d/ssl.conf and have those 3 lines in place (refering to the old certificates, not the new ones, apparently...):

    Code:
    SSLCertificateFile /path_to_commercial.crt
    SSLCertificateKeyFile /path_to_commercial.key
    SSLCertificateChainFile /path_to_commercial_ca.crt
    The SSLCertificateFile contains 3 begin and end entries (like the certificate chain certificate of our ssl vendor).
    SSLCertificateKeyFile contains a RSA private key entry.
    SSLCertificateChainFile contains 2 begin and end certificate entries

    As you may understand, I don't understand/know what files have to set here in place. The Zimbra and Apache environment was not set up by me (old colleague who's not working anymore for us).

    Currently, the webmail uses the old certificate, but because of the browser warnings (certificate expired) we want to apply the new certificate here as well.

    Someone who can help me with this matter?

    Thanks in advance.

  2. #2
    Join Date
    May 2012
    Posts
    7
    Rep Power
    3

    Default

    Quote Originally Posted by TomG View Post
    Dear members,

    Last week, we've ordered a new commercial SSL certificate for our open source Zimbra 7 environment.

    Therefore, I have 3 files:
    • A csr file for requesting the commercial certificate (generated by the Zimbra web admin interface)
    • Commercial certificate in pem format (contains 1 begin and end certificate entry) (got from our SSL vendor)
    • Commercial certificate chain file in pem format (contains 3 times a begin and end certificate entry) (got from our SSL vendor)


    I've installed them into the web interface of our zimbra environment. After restarting the zimbra service, the new certificate was applied to the admin part (port 7071).

    However, it was not applied to the Apache web server that's being used for serving the webmail (port 443). Apache is still using the old certificate.

    I've taken a look into /etc/httpd/conf.d/ssl.conf and have those 3 lines in place (refering to the old certificates, not the new ones, apparently...):

    Code:
    SSLCertificateFile /path_to_commercial.crt
    SSLCertificateKeyFile /path_to_commercial.key
    SSLCertificateChainFile /path_to_commercial_ca.crt
    The SSLCertificateFile contains 3 begin and end entries (like the certificate chain certificate of our ssl vendor).
    SSLCertificateKeyFile contains a RSA private key entry.
    SSLCertificateChainFile contains 2 begin and end certificate entries

    As you may understand, I don't understand/know what files have to set here in place. The Zimbra and Apache environment was not set up by me (old colleague who's not working anymore for us).

    Currently, the webmail uses the old certificate, but because of the browser warnings (certificate expired) we want to apply the new certificate here as well.

    Someone who can help me with this matter?

    Thanks in advance.
    I know this post is ancient, but I'm having the same apache expired cert issue.

    I used the self-signed certs generated by walking through the install of the admin gui page on the certificates menu. It fixed the ssl errors everywhere but for web client users...they see the old certificate that expired just last month. I didn't realize that the self-signed certs generated in the admin gui would not update the certs used by the web server. Any way to fix this?

Similar Threads

  1. Invalid SSL Certificate
    By buee in forum Administrators
    Replies: 6
    Last Post: 08-18-2011, 03:52 PM
  2. Replies: 5
    Last Post: 04-17-2011, 02:07 PM
  3. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 04:08 AM
  4. Installing commercial ssl on zimbra cs (network ed.)
    By keithop in forum Administrators
    Replies: 4
    Last Post: 04-28-2009, 05:16 PM
  5. Commercial SSL certtificate installation
    By Daryl Jones in forum Installation
    Replies: 6
    Last Post: 02-13-2006, 12:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •