Having been playing with commercial certs for a few days and I wondered if anyone had found a way to restore certs using keytool from the .key and .crt files.
What is clear is the wiki way to install certs works fine for the basic tomcat stuff as you have a sequence of Create Store, Request Cert from a CA, Import Cert from CA (and any intermediates) and restart Zimbra services.
I used the java routine in the wiki to extract the .key file, and backed up the whole of Zimbra and the crt files. Then started playing with all sorts of SSL cert stuff till it eventually broke. Then I expected to be able to use the .key and the .crt files to recreate the keystore in a clean install of Zimbra, simulating a disaster recovery scenario, but I cant do it. Tried using zmcertinstall but although there is no error on the command line it shows up in the mailbox log as
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
and no https or other SSL is available.
So I am looking for a way of perhaps using the key file and keytool to somehow import it. Looking at all the FAQs and manuals around they seem to be geared to the create/request/import cycle not the aagghhhh server died now where are the crt and key files cycle ;-)
Tried daft stuff like creating a new csr and seeing if the crt will import against it but the key is obviously going to be different. Worth mentioning at each new attempt I am starting with a clean Zimbra install.
Anyone have any ideas? I have the original keystore and crts backup still if that helps.
Need to have some form of recovery for DR purposes or to know the risks at least, before it happens on a live system!