Results 1 to 3 of 3

Thread: Install commercial SSL cert with zimbra 8 community?

  1. #1
    Join Date
    Sep 2008
    Posts
    15
    Rep Power
    7

    Default Install commercial SSL cert with zimbra 8 community?

    I have a single zimbra server with two domains, zimbra.mylocaldomain and mydomain.com (default). This system is not directly connected to the internet. Instead mydomain.com resolves to the IP of my firewall which runs apache and proxies zimbra webmail and does port forwards for imap etc. I just bought an SSL cert and installed it on my firewall (generated the CSR there too). Since the zimbra webmail is proxied that now shows the new SSL cert. Now I'm trying to do the same for imap/mta for mydomain.com on my zimbra server as those are still using the single self signed cert. How do I go about replacing that? The wiki page for setting up SSL per domain doesn't seem to help. I installed the proxy and have it running but there is nothing on how to actually configure it? Can I just replace the self signed cert for both zimbra.mylocaldomain and mydomain.com? I don't really use zimbra.mylocaldomain for anything other than to use the admin interface (which I do NOT proxy).

    Little confused as how to set this up and not finding a ton of documentation....

  2. #2
    Join Date
    Oct 2012
    Posts
    24
    Rep Power
    3

    Default

    do you mean you NAT to your zimbra server? I have a similar setup... where my MX record points to one of our public IP addresses that my Firewall owns... which then NAT's the traffic to my internal network Zimbra server...

    If so, I just installed the SSL cert via the Admin Console like you normally would... and all is good. The SSL cert's CSR was generated from the Zimbra box though... not from my firewall... since the SSL cert is based on hostname or CNAME, not IP address...

  3. #3
    Join Date
    Sep 2008
    Posts
    15
    Rep Power
    7

    Default

    For those that are interested I got this working. I skipped the complicated per domain SSL cert setup, I can deal with SSL errors for the admin interface. Steps:

    1. Copy mydomain.key from my firewall to /opt/zimbra/ssl/zimbra/commercial/commercial.key on my zimbra server (as root)
    2. Concatenation the two CA crt's I got into /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt (as root)
    3. Copy the mydomain.crt I got into /opt/zimbra/ssl/zimbra/commercial/commercial.crt (as root)
    4. Verify the certs work: /opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt commercial.crt
    5. Deploy the cert: /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
    6. Restart zimbra

Similar Threads

  1. [SOLVED] 5.0.2NE and commercial cert install
    By tecnalb in forum Installation
    Replies: 10
    Last Post: 04-11-2012, 10:59 AM
  2. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 02:51 AM
  3. [SOLVED] Commercial SSL Cert Install Zimbra 5.x -- again
    By PhishKiller in forum Administrators
    Replies: 2
    Last Post: 12-10-2008, 06:03 PM
  4. Replies: 23
    Last Post: 05-06-2008, 03:24 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •