{"id":3474,"date":"2014-08-21T12:10:28","date_gmt":"2014-08-21T04:10:28","guid":{"rendered":"http:\/\/rmohan.com\/?p=3474"},"modified":"2014-08-21T12:10:28","modified_gmt":"2014-08-21T04:10:28","slug":"zimbra-creating-self-signed-certifiate-ucsc-zimbra","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=3474","title":{"rendered":"Zimbra Creating self-signed certifiate UCSC Zimbra"},"content":{"rendered":"<p>Zimbra Creating self-signed certifiate<br \/>\nUCSC Zimbra<br \/>\n===========<\/p>\n<p>Backup Existing Commertical Certs<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<\/p>\n<p># cd \/opt\/zimbra\/ssl\/zimbra\/commercial\/<br \/>\n# mkdir -p DigiCert_old<br \/>\n# cp commercial* .\/DigiCert_old<\/p>\n<p># cd \/opt\/zimbra\/ssl\/zimbra\/server<br \/>\n# mkdir -p Server_old<br \/>\n# cp server.* Server_old<\/p>\n<p># cd \/opt\/zimbra\/bin<br \/>\nCreating a CA<br \/>\n&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p># .\/zmcertmgr createca -new<br \/>\n** Creating \/opt\/zimbra\/ssl\/zimbra\/ca\/zmssl.cnf&#8230;done<br \/>\n** Creating CA private key \/opt\/zimbra\/ssl\/zimbra\/ca\/ca.key&#8230;done.<br \/>\n** Creating CA cert \/opt\/zimbra\/ssl\/zimbra\/ca\/ca.pem&#8230;done.<\/p>\n<p>Creating Certs<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8211;<\/p>\n<p># .\/zmcertmgr createcrt -new -days 365<br \/>\nValidation days: 365<br \/>\n** Creating \/opt\/zimbra\/conf\/zmssl.cnf&#8230;done<br \/>\n** Backup \/opt\/zimbra\/ssl\/zimbra to \/opt\/zimbra\/ssl\/zimbra.20110423123012<br \/>\n** Generating a server csr for download self -new -keysize 1024<br \/>\n** Creating \/opt\/zimbra\/conf\/zmssl.cnf&#8230;done<br \/>\n** Backup \/opt\/zimbra\/ssl\/zimbra to \/opt\/zimbra\/ssl\/zimbra.20110423123012<br \/>\n** Creating server cert request \/opt\/zimbra\/ssl\/zimbra\/server\/server.csr&#8230;done.<br \/>\n** Saving server config key zimbraSSLPrivateKey&#8230;failed.<br \/>\n** Signing cert request \/opt\/zimbra\/ssl\/zimbra\/server\/server.csr&#8230;done.<br \/>\nDeploy the certificate<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p>#.\/zmcertmgr deploycrt self<br \/>\n** Saving server config key zimbraSSLCertificate&#8230;failed.<br \/>\n** Saving server config key zimbraSSLPrivateKey&#8230;failed.<br \/>\n** Installing mta certificate and key&#8230;done.<br \/>\n** Installing slapd certificate and key&#8230;done.<br \/>\n** Installing proxy certificate and key&#8230;done.<br \/>\n** Creating pkcs12 file \/opt\/zimbra\/ssl\/zimbra\/jetty.pkcs12&#8230;done.<br \/>\n** Creating keystore file \/opt\/zimbra\/mailboxd\/etc\/keystore&#8230;done.<br \/>\n** Installing CA to \/opt\/zimbra\/conf\/ca&#8230;done.<br \/>\nDeploy the CA<br \/>\n&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p># .\/zmcertmgr deployca<br \/>\n** Importing CA \/opt\/zimbra\/ssl\/zimbra\/ca\/ca.pem into CACERTS&#8230;done.<br \/>\n** Saving global config key zimbraCertAuthorityCertSelfSigned&#8230;failed.<br \/>\n** Saving global config key zimbraCertAuthorityKeySelfSigned&#8230;failed.<br \/>\n** Copying CA to \/opt\/zimbra\/conf\/ca&#8230;done.<br \/>\nVerify the certificate was deployed to all the services<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p># .\/zmcertmgr deployca<br \/>\n** Importing CA \/opt\/zimbra\/ssl\/zimbra\/ca\/ca.pem into CACERTS&#8230;done.<br \/>\n** Saving global config key zimbraCertAuthorityCertSelfSigned&#8230;failed.<br \/>\n** Saving global config key zimbraCertAuthorityKeySelfSigned&#8230;failed.<br \/>\n** Copying CA to \/opt\/zimbra\/conf\/ca&#8230;done.<br \/>\nView the Certificate<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<\/p>\n<p>debian-zimbra:\/opt\/zimbra\/bin# .\/zmcertmgr viewdeployedcrt<br \/>\n::service mta::<br \/>\nnotBefore=Apr 23 07:00:14 2011 GMT<br \/>\nnotAfter=Apr 22 07:00:14 2012 GMT<br \/>\nsubject= \/C=US\/ST=N\/A\/O=Zimbra Collaboration Suite\/OU=Zimbra Collaboration Suite\/CN=mail.ucsc.cmb.ac.lk<br \/>\nissuer= \/C=US\/ST=N\/A\/L=N\/A\/O=Zimbra Collaboration Suite\/OU=Zimbra Collaboration Suite\/CN=mail.ucsc.cmb.ac.lk<br \/>\nSubjectAltName=<br \/>\n::service proxy::<br \/>\nnotBefore=Apr 23 07:00:14 2011 GMT<br \/>\nnotAfter=Apr 22 07:00:14 2012 GMT<br \/>\nsubject= \/C=US\/ST=N\/A\/O=Zimbra Collaboration Suite\/OU=Zimbra Collaboration Suite\/CN=mail.ucsc.cmb.ac.lk<br \/>\nissuer= \/C=US\/ST=N\/A\/L=N\/A\/O=Zimbra Collaboration Suite\/OU=Zimbra Collaboration Suite\/CN=mail.ucsc.cmb.ac.lk<br \/>\nSubjectAltName=<br \/>\n::service mailboxd::<br \/>\nnotBefore=Apr 23 07:00:14 2011 GMT<br \/>\nnotAfter=Apr 22 07:00:14 2012 GMT<br \/>\nsubject= \/C=US\/ST=N\/A\/O=Zimbra Collaboration Suite\/OU=Zimbra Collaboration Suite\/CN=mail.ucsc.cmb.ac.lk<br \/>\nissuer= \/C=US\/ST=N\/A\/L=N\/A\/O=Zimbra Collaboration Suite\/OU=Zimbra Collaboration Suite\/CN=mail.ucsc.cmb.ac.lk<br \/>\nSubjectAltName=<br \/>\n::service ldap::<br \/>\nnotBefore=Apr 23 07:00:14 2011 GMT<br \/>\nnotAfter=Apr 22 07:00:14 2012 GMT<br \/>\nsubject= \/C=US\/ST=N\/A\/O=Zimbra Collaboration Suite\/OU=Zimbra Collaboration Suite\/CN=mail.ucsc.cmb.ac.lk<br \/>\nissuer= \/C=US\/ST=N\/A\/L=N\/A\/O=Zimbra Collaboration Suite\/OU=Zimbra Collaboration Suite\/CN=mail.ucsc.cmb.ac.lk<br \/>\nSubjectAltName=<br \/>\n==============================================================================================================<br \/>\n== &#8211; ZMCERTMGR Help &#8211; ==<br \/>\n==============================================================================================================<\/p>\n<p>.\/zmcertmgr -help<br \/>\n.\/zmcertmgr createca [-new] [-keysize 1024] [-subject subject]<br \/>\n.\/zmcertmgr deployca<br \/>\n.\/zmcertmgr createcsr &lt;self|comm&gt; [-new] [-keysize 1024] [-subject subject] [-subjectAltNames &#8220;host1,host2&#8221;]<br \/>\n.\/zmcertmgr createcrt [-new] [-days validation days] [-keysize 1024] [-subject subject] [-subjectAltNames &#8220;host1,host2&#8221;]<br \/>\n.\/zmcertmgr deploycrt &lt;self&gt;<br \/>\n.\/zmcertmgr deploycrt &lt;comm&gt; [certfile] [ca_chain_file]<br \/>\n.\/zmcertmgr savecrt<br \/>\n.\/zmcertmgr viewcsr &lt;self|comm&gt; [csr_file]<br \/>\n.\/zmcertmgr viewdeployedcrt [all|ldap|mta|proxy|mailboxd]<br \/>\n.\/zmcertmgr viewstagedcrt &lt;self|comm&gt; [certfile]<br \/>\n.\/zmcertmgr verifycrt &lt;self|comm&gt; [priv_key] [certfile]<br \/>\n.\/zmcertmgr verifycrtchain &lt;ca_file&gt; &lt;certfile&gt;<br \/>\n.\/zmcertmgr checkcrtexpiration [-days 30] [service]<br \/>\n.\/zmcertmgr addcacert &lt;certfile&gt;<br \/>\n.\/zmcertmgr migrate<\/p>\n<p>Comments:<br \/>\n&#8211; Default &lt;certfile&gt;<br \/>\nself-signed \/opt\/zimbra\/ssl\/zimbra\/server\/server.crt<br \/>\ncommerical \/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt<br \/>\n&#8211; Default &lt;priv_key&gt;<br \/>\nself-signed \/opt\/zimbra\/ssl\/zimbra\/server\/server.key<br \/>\ncommercial \/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key<br \/>\n&#8211; Default &lt;subject&gt;<br \/>\n&#8220;\/C=US\/ST=N\\\/A\/L=N\\\/A\/O=Zimbra Collaboration Suite\/OU=Zimbra Collaboration Suite\/CN=mail.ucsc.cmb.ac.lk&#8221;<br \/>\n&#8211; Default RSA &lt;keysize&gt; is 1024.<br \/>\n&#8211; Default &lt;validation_days&gt; is 365.<br \/>\n&#8211; Default &lt;csr_file&gt; is<br \/>\n&#8211; deploycrt self installs the certificates using self signed csr in \/opt\/zimbra\/ssl\/zimbra\/server<br \/>\n&#8211; deploycrt comm installs the certificates using commercially signed certificate in \/opt\/zimbra\/ssl\/zimbra\/commercial<br \/>\n&#8211; verifycrt &lt;self|comm&gt; compares openssl md5 [priv_key] and [certfile].<br \/>\n&#8211; migrate moves certs\/keys from ZCS installs prior to version 5.0.x<br \/>\n&#8211; addcacert appends an otherwise untrusted ssl certificate to the cacerts file.<br \/>\nThis is primarily for allowance of untrusted ssl certificates in external data sources.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zimbra Creating self-signed certifiate UCSC Zimbra ===========<\/p>\n<p>Backup Existing Commertical Certs &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<\/p>\n<p># cd \/opt\/zimbra\/ssl\/zimbra\/commercial\/ # mkdir -p DigiCert_old # cp commercial* .\/DigiCert_old<\/p>\n<p># cd \/opt\/zimbra\/ssl\/zimbra\/server # mkdir -p Server_old # cp server.* Server_old<\/p>\n<p># cd \/opt\/zimbra\/bin Creating a CA &#8212;&#8212;&#8212;&#8212;-<\/p>\n<p># .\/zmcertmgr createca -new ** Creating \/opt\/zimbra\/ssl\/zimbra\/ca\/zmssl.cnf&#8230;done ** Creating CA private key \/opt\/zimbra\/ssl\/zimbra\/ca\/ca.key&#8230;done. ** [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3474"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3474"}],"version-history":[{"count":2,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3474\/revisions"}],"predecessor-version":[{"id":3476,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3474\/revisions\/3476"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}