Results 1 to 2 of 2

Thread: 32 bit 6.0.14 --> 64 bit 6.0.14 --> 8.0.2 Commercial Cert Issue

Hybrid View

  1. #1
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    8

    Default 32 bit 6.0.14 --> 64 bit 6.0.14 --> 8.0.2 Commercial Cert Issue

    I performed the painful migration from 32 bit 6.0.14 to 64 bit 8.0.2 yesterday. It was only painful for 2 reasons. 1) we have a TON of email, and 2) I was unable to get our commercal SSL certificate (Register.com) to work after going from 32 bit 6.0.14 (Debian 4.0) to 64 bit 6.0.14 (Ubuntu 10.04 LTS).

    I was able to complete the migration and upgrade by generating a self-signed certificate following the steps for "Singe-Node Self-Signed Certificate" here (Administration Console and CLI Certificate Tools - Zimbra :: Wiki).

    My question is, what's the best method of going about attempting to install our commercial certificate given that I do not need to generate a CSR? Is it as simple as copying the /opt/zimbra/ssl/zimbra folder over to the new server and following the directions from the link above under "Single-Node Commercial Certificate" omitting the first step? Following these steps failed under 64 bit 6.0.14, so I'm nervous about mucking up what seems to be a perfectly functioning 8.0.2 install!

    Has anything changed in 8.0.x to affect the documentation around working with SSL certs via CLI?

    Any help would be much appreciated.

  2. #2
    Join Date
    Dec 2007
    Location
    Stockton, CA
    Posts
    164
    Rep Power
    8

    Default

    Just in case anyone else runs into trouble, here are the steps I took in successfully installing our Register.com Essential SSL cert on our 8.0.2 server.

    1. Re-downloaded the certificate, two intermediary certificates, and one root certificate from your Register.com account.
    2. Copied all 4 files to our Zimbra 8.0.2 server to a temp directory.
    3. Copied the commercial.key file from our 6.0.14 server (/opt/zimbra/ssl/zimbra/commercial/commercial.key) to the same location on our 8.0.2 server and gave it "chown root:root" and "chmod 740".
    4. Combined the intermediary and root certificates like so:
      Code:
      root@cottontail:~# cat Intermediary_Certificate_2.crt Intermediary_Certificate_1.crt Root_Certificate.crt > ca_chain.crt
    5. Edited the new ca_chain.crt in vim to add a return between the -----END CERTIFICATE----- and -----BEGIN CERTIFICATE----- for each.
    6. Renamed certificate.crt to commercial.crt
    7. Verified that the certificate, chained certs, and key match. As root:
      Code:
      root@cottontail:~# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmpfolder/commercial.crt /tmpfolder/ca_chain.crt
    8. Everything looked good, so I installed the certificate. Again, as root:
      Code:
      root@cottontail:~# /opt/zimbra/bin/zmcertmgr deploycrt comm /tmpfolder/commercial.crt /tmpfolder/ca_chain.crt
    9. Restarted Zimbra. As zimbra user, of course:
      Code:
      zimbra@cottontail:~$ zmcontrol restart


    Taadaa!

Similar Threads

  1. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 02:51 AM
  2. New Commercial Cert Did Not Take for IMAPS
    By Chewie71 in forum Administrators
    Replies: 1
    Last Post: 11-06-2008, 08:26 AM
  3. Replies: 2
    Last Post: 03-25-2007, 10:40 PM
  4. Commercial SSL Cert
    By alexz in forum Installation
    Replies: 19
    Last Post: 10-13-2006, 11:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •