Thread: Commercial wildcard certificates

  1. #1

    Commercial wildcard certificates

    The Commercial Certificate document is a little confusing as it is but has anyone had any luck using this document to install a wildcard SSL cert? I have a wildcard cert that I would like to install but it also requires that a CA cert be imported somehow and I can't really find enough documentation about keytool to know how one would approach this problem.

    Thanks for any help/pointers.

  2. #2

    I too have this question. I haven't installed the cert yet because it appears WM5 devices don't like wildcard certs? Are there special instructions though on the installation? I don't need the CSR step, right?

    -Chris

  3. #3

    Quote: Originally Posted by strandtc
    I too have this question. I haven't installed the cert yet because it appears WM5 devices don't like wildcard certs? Are there special instructions though on the installation? I don't need the CSR step, right?

    -Chris

    Hi Chris,
    I had the same issues; put a link to the solution here:
    http://www.zimbra.com/forums/showthread.php?t=7949:
    also:
    http://wiki.zimbra.com/index.php?tit...e_Device_Setup

  4. #4

    quick and nasty script

    Quote: Originally Posted by nvalentine
    The Commercial Certificate document is a little confusing as it is but has anyone had any luck using this document to install a wildcard SSL cert? I have a wildcard cert that I would like to install but it also requires that a CA cert be imported somehow and I can't really find enough documentation about keytool to know how one would approach this problem.

    Thanks for any help/pointers.

    Did a quick and nasty script to do this:

    Run this from the directory your certificates are in ON A TEST SERVER!!!
    Update request_domain to be your own domain.

    It works for me with a certificate from http://certs.ipsca.com/ (which is free to .edu's).
    Check out http://certs.ipsca.com/support/CSRJakarta-Tomcat.asp first.

    NO WARRANTY on this RUN AT YOUR OWN RISK!

    Please debug this before using

    Code:
    ################################################################################################################
    # set the domain
    ################################################################################################################
    request_domain='email.mydomain.com'
    
    ################################################################################################################
    # copy the ssl files to tmp so user zimbra can access them
    # (owned by zimbra and closed to every other account, not world-writable)
    ################################################################################################################
    mkdir -p /tmp/ssl
    cp -f * /tmp/ssl
    chown -R zimbra /tmp/ssl
    chmod -R u=rwX,go= /tmp/ssl
    
    ################################################################################################################
    # NB: THE ORDER is important
    ################################################################################################################
    
    
    ###########################################################################################################
    # update apache-tomcat cert
    ################################################################################################################
    su - zimbra -c 'echo y |keytool -import -alias root -keystore /tmp/ssl/'$request_domain'.keystore -trustcacerts -file /tmp/ssl/root_der.cer -storepass zimbra'
    su - zimbra -c 'keytool -import -alias chain -keystore /tmp/ssl/'$request_domain'.keystore -trustcacerts -file /tmp/ssl/chain_der.cer -storepass zimbra'
    su - zimbra -c 'keytool -import -alias tomcat -keystore /tmp/ssl/'$request_domain'.keystore -trustcacerts -file /tmp/ssl/'$request_domain'.p7b -storepass zimbra'
    #use this keystore in /opt/zimbra/tomcat/conf/keystore (/opt/zimbra/tomcat/conf/server.xml uses this)
    su - zimbra -c 'cp -f /opt/zimbra/tomcat/conf/keystore /opt/zimbra/tomcat/conf/keystore.old'
    su - zimbra -c 'cp -f /tmp/ssl/'$request_domain'.keystore /opt/zimbra/tomcat/conf/keystore'
    
    ###########################################################################################################
    # update java cert (ca will fail without this!) 
    ################################################################################################################
    chmod a+w /opt/zimbra/java/jre/lib/security/cacerts
    cp -f /opt/zimbra/java/jre/lib/security/cacerts  /opt/zimbra/java/jre/lib/security/cacerts.old
    su - zimbra -c 'keytool -delete -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit'
    su - zimbra -c 'keytool -delete -alias chain -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit'
    su - zimbra -c 'keytool -delete -alias tomcat -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit'
    
    su - zimbra -c 'echo y |keytool -import -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -file /tmp/ssl/root_der.cer -trustcacerts -storepass changeit'
    su - zimbra -c 'keytool -import -alias chain -keystore /opt/zimbra/java/jre/lib/security/cacerts -file /tmp/ssl/chain_der.cer -trustcacerts -storepass changeit'
    su - zimbra -c 'keytool -import -alias tomcat -keystore /opt/zimbra/java/jre/lib/security/cacerts -file /tmp/ssl/'$request_domain'.cer -trustcacerts -storepass changeit'
    chmod a-w /opt/zimbra/java/jre/lib/security/cacerts
    
    su - zimbra -c 'tomcat restart'
    
    ################################################################################################################
    #remove tmp ssl files 
    ################################################################################################################
    rm -rf /tmp/ssl
    
    ################################################################################################################
    #To Update the login use:
    ################################################################################################################
    su - zimbra -c 'zmtlsctl mixed' # or 'zmtlsctl https'
    su - zimbra -c 'tomcat restart'
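
A hardened take on the staging step of the script above, as an added example that is not part of the original post: rather than a fixed directory name under /tmp, it stages the files in a fresh private directory and refuses to continue if an input file is missing. The helper name `stage_certs` is hypothetical; the file names are the ones the thread's script expects.

```shell
#!/bin/sh
# Added example (not from the thread): private staging of certificate files.
# File names follow the script above; stage_certs is a hypothetical helper.

# stage_certs SRC_DIR DOMAIN OWNER
# Copies the files the keytool imports need into a fresh private directory
# and prints that directory's path on stdout.
stage_certs() {
    src=$1; domain=$2; owner=$3
    files="root_der.cer chain_der.cer $domain.keystore $domain.p7b $domain.cer"

    # Stop before touching any keystore if an input is missing.
    for f in $files; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done

    # mktemp -d creates a new directory with an unpredictable name and mode
    # 0700, so another local user cannot pre-create it, read the keystore,
    # or swap a CA file before the import runs.
    stage=$(mktemp -d "${TMPDIR:-/tmp}/ssl.XXXXXX") || return 1

    for f in $files; do
        cp "$src/$f" "$stage/$f" && chmod 600 "$stage/$f" || {
            rm -rf "$stage"; return 1
        }
    done

    # Only root can hand the directory to the service account; OWNER is an
    # assumption here (the thread's script runs keytool as user zimbra).
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$stage" || { rm -rf "$stage"; return 1; }
    fi

    printf '%s\n' "$stage"
}

# Usage, as root, from the directory holding the certificates:
#   stage=$(stage_certs . email.mydomain.com zimbra) || exit 1
#   su - zimbra -c "keytool -list -keystore $stage/email.mydomain.com.keystore -storepass zimbra"
#   rm -rf "$stage"
```
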
