Jun 16, 2010

Installing $12.99 GoDaddy SSL Certificate on Zimbra versions 5 and 6


This is the only way I managed to install a Standard $12.99 SSL Certificate onto Zimbra 6.0.6

STEP 1: Generate CSR (SSL Certificate Signing Request) and get it signed by GoDaddy.

1) Log into Zimbra's Administration Console - Usually done by logging into https://yourhost.yourdomain.com:7071/zimbraAdmin/

2) On the left hand side, under Tools, click "Certificates"

3) Click on Install Certificate

4) Select your Server Name - hit next

5) Choose "Generate CSR for the commercial certificate authority" - hit next

6) Choose a 2048 bit size, and fill out the form using the following guide:


General CSR Creation Guidelines

Before you can order your SSL Certificates, you must first generate a CSR (Certificate Signing Request) on your server. A CSR is an encrypted body of text. Your CSR will contain encoded information specific to your company and domain name; this information is known as a Distinguished Name or DN.

In the DN for most servers are the following fields: Country, State (or Province), Locality (or City), Organization, Organizational Unit, and Common Name.

Please note:

The Country is a two-digit code -- for the United States, it's 'US'. For countries outside of the United States, see our listing of SSL Certificate Country Codes.

State and Locality are full names, i.e. 'California', 'Los Angeles'.

The Organization Name is your Full Legal Company or Personal Name, as legally registered in your locality.

The Organizational Unit is whichever branch of your company is ordering the certificate such as accounting, marketing, etc.

The Common Name is the Fully Qualified Domain Name (FQDN) for which you are requesting the SSL certificate.

If you are generating a CSR for a Wildcard Certificate, your common name must start with *. (for example: *.domain.com). The wildcard character (*) will be able to assume any name that does not have a "dot" character in it.

Once your CSR is created, you will be able to simply copy and paste it into the online order form.

7) Hit next, and wait for the CSR to be generated.

8) Before hitting Finish, click on "Download CSR" to save the file to your computer.

9) Go to GoDaddy.com and start the SSL creation process using their wizard.

10) Once you're at the step where you're asked for the CSR file, open the previously downloaded file using a text editor and copy EVERYTHING, INCLUDING: -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----

11) Now paste the CSR to GoDaddy making sure you chose 2048-bit from the GoDaddy wizard.

12) Finish the GoDaddy certificate creation process, making sure that the information you enter matches what you used to create the CSR.

13) Download the certificate from GoDaddy for Apache.



STEP 2: Installing the certificate in Zimbra

1) Log into Zimbra's Administration Console - Usually done by logging into https://yourhost.yourdomain.com:7071/zimbraAdmin/

2) On the left hand side, under Tools, click "Certificates"

3) Click on Install Certificate

4) Select your Server Name - hit next

5) Select "Install the commercially signed certificate" - hit next twice

6) Visit https://certs.godaddy.com/anonymous/repository.seam and download gd-class2-root.crt

7) Now attach the files as follows:

Certificate: here you attach the generated certificate, of the form host.yourdomain.com.crt
Root CA: here you attach the file you downloaded in step 6, gd-class2-root.crt
Intermediate CA: here you attach the 'bundled' file that came with your certificate.

8) Hit Next, and then Finish.

9) Here you might receive an error, and things won't work.



STEP 3: Troubleshooting

1) Copy your gd-class2-root.crt to /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

Then follow the steps below:

  1. At this point, the CSR and the private key should have been created by Zimbra in the /opt/zimbra/ssl/zimbra/commercial directory, named commercial.csr and commercial.key.
  2. Make sure the permissions are set to 740 root:root (you can skip this step, I did)
  3. Make a new directory, ex: /root/certs
  4. Place the signed cert and the bundle cert in /root/certs (these are the files you downloaded from GoDaddy)
  5. Verify that the cert and the key match via these commands (run as root):

    cd /root/certs

    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./ ./ 

  6. If the output looks good, you can deploy the certificate via this command:

    /opt/zimbra/bin/zmcertmgr deploycrt comm ./ ./

  7. The final step would be to restart the zimbra services for the change to take effect (see the end of this post)

If step 7 gives you errors such as "logger service cannot start" or "ldap service" can't start, then you need to do the following:

The commercial certs were deployed fine. However, you must also run the following as root:

/opt/zimbra/bin/zmcertmgr addcacert /opt/zimbra/ssl/zimbra/commercial/commercial.crt

Finally, restart your services:

1) su root
2) su zimbra
3) zmcontrol stop
4) zmcontrol start
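
The properties that step 5 of the troubleshooting list is meant to confirm can also be checked by hand with plain openssl: the private key, the CSR and the signed certificate must carry the same public key, the CSR should be 2048 bit, and the certificate must chain to the root through the bundle. This is an added example, not part of the original post and not zmcertmgr's own code; the function names, the example.test host name and the throwaway demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. File names are placeholders.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
pubkey_hash() {  # $1 = key|csr|crt, $2 = PEM file
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# Succeed only if key, CSR and signed certificate share one public key.
same_keypair() {  # $1 = private key, $2 = CSR, $3 = certificate
    k=$(pubkey_hash key "$1") || return 1
    r=$(pubkey_hash csr "$2") || return 1
    c=$(pubkey_hash crt "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Print the key size recorded in the CSR (the post asks for 2048).
csr_bits() {  # $1 = CSR
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeed only if the certificate chains to the root through the bundle.
chain_ok() {  # $1 = root CA, $2 = intermediate bundle, $3 = certificate
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null |
        grep -q ': OK$'
}

# Constructed sample input: a throwaway key, CSR and self-signed cert.
make_demo() {  # $1 = output directory, $2 = file prefix
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 \
        -out "$1/$2.crt" 2>/dev/null
}

# Demo on constructed files; on a real server pass your own file paths.
d=$(mktemp -d) && make_demo "$d" demo &&
    same_keypair "$d/demo.key" "$d/demo.csr" "$d/demo.crt" &&
    echo "key, CSR and certificate match, $(csr_bits "$d/demo.csr") bit"
rm -rf "$d"
```

A mismatch from `same_keypair` usually means the certificate was issued for a different CSR than the one Zimbra generated, so the stored commercial.key will not work with it.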


5 comments:

  1. How do I get the key file? I don't have the private key file... where can I find the key file?

  2. Sorry, the commercial.key file is created by Zimbra after step 9 above.

    The file will already be at /opt/zimbra/ssl/zimbra/commercial/

  3. IT Guy,

    Thanks! Your solution to the issues that followed on step 7, logger and LDAP not starting, worked like a charm!

  4. I did a chmod 777 on the files in /opt/zimbra/ssl/zimbra/commercial/ and the cert installed fine.
