Install your own SSL certificate in Zimbra

Installation and configuration of an SSL certificate for your own internet domain:

  • copy your ssl cert files to /opt/zimbra/ssl/zimbra/commercial/
  • rename ssl.cert to commercial.crt
  • rename ca.cert to commercial_ca.crt
  • rename apache.key to commercial.key
  • test if cert is ok with
    /opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt commercial.crt
    [root]# /opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt commercial.crt
    commercial.crt: OK
  • activate cert with
    /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
    [root]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK
    ** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    cp: „commercial.crt“ und „/opt/zimbra/ssl/zimbra/commercial/commercial.crt“ sind die gleiche Datei
    ** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    cp: „commercial_ca.crt“ und „/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt“ sind die gleiche Datei
    ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
    ** NOTE: mailboxd must be restarted in order to use the imported certificate.
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
  • reboot system
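
The checks worth running before the deploycrt step above, as an added shell example (not part of the original page and not Zimbra's own tooling). It verifies the chain, confirms that the private key belongs to the certificate, and flags a key file that other local users can access. The function names and the world-access check are assumptions of this example; the file names and the openssl path are the ones used above.

```shell
#!/bin/sh
# Added example: pre-flight checks before "zmcertmgr deploycrt comm ...".
# Function names are hypothetical; file names follow the steps above.
# Usage after sourcing this file: preflight /opt/zimbra/ssl/zimbra/commercial
OPENSSL="${OPENSSL:-/opt/zimbra/openssl/bin/openssl}"

# chain_ok CERT CAFILE: succeed only if openssl exits 0 and prints exactly
# "CERT: OK", so partial or warning output is never treated as success.
chain_ok() {
    out=$("$OPENSSL" verify -CAfile "$2" "$1" 2>/dev/null) || return 1
    [ "$out" = "$1: OK" ]
}

# key_matches_cert CERT KEY: compare the public key embedded in the
# certificate with the one derived from the private key. A read error
# returns 2 so that two empty results can never count as a match.
key_matches_cert() {
    c=$("$OPENSSL" x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$("$OPENSSL" pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# key_not_world_accessible KEY: the "other" permission bits must be "---".
# Assumption of this example: no user outside owner/group needs the key.
key_not_world_accessible() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c8-10)
    [ "$perms" = "---" ]
}

# preflight DIR: run all checks on the renamed files in DIR.
preflight() {
    rc=0
    chain_ok "$1/commercial.crt" "$1/commercial_ca.crt" ||
        { echo "FAIL: commercial.crt does not verify against commercial_ca.crt"; rc=1; }
    key_matches_cert "$1/commercial.crt" "$1/commercial.key" ||
        { echo "FAIL: commercial.key does not belong to commercial.crt"; rc=1; }
    key_not_world_accessible "$1/commercial.key" ||
        { echo "FAIL: commercial.key is accessible to other users"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: pre-flight checks passed"; fi
    return "$rc"
}
```
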

If you use a wildcard certificate (e.g. *.schnuerle.com) for your internet domain and also use that domain name inside your local network, edit your local hosts file so that the name resolves to the local IP:

10.10.10.21    mail.schnuerle.com


Authors:
  • Jochen Schnuerle