Zimbra and CaCert _ 0x4142
-
Upload
lazariucas -
Category
Documents
-
view
213 -
download
0
description
Transcript of Zimbra and CaCert _ 0x4142
![Page 1: Zimbra and CaCert _ 0x4142](https://reader035.fdocuments.in/reader035/viewer/2022081822/5695d09b1a28ab9b0293242c/html5/thumbnails/1.jpg)
0x4142Just another blog about bits and bytes
Zimbra and CaCertFebruary 8, 2014 serverThis tutorial is based on this website.
1. Generate a CSR (you have to use the command line as the webinterface does not support 4096 keylength):
1
2
3
4
cd /opt/zimbra/ssl/zimbra/commercial/
rm -rf *
/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 4096 "/O=*.yourdomain.com/OU=YourCompany/CN=*.yourdomain.com"
cat /opt/zimbra/ssl/zimbra/commercial/commercial.csr
2. add your domain to CaCert: Log into cacert -> Domains -> Add -> send email [email protected]. collect the verification link in your webmail https://yourdomain.com with the admin account andclick it4. CaCert: -> Server Certificates -> New -> Sign with Class 1 -> Copy paste content of file/opt/zimbra/ssl/zimbra/commercial/commercial.csr5. install the generated key shown on the website into the file/opt/zimbra/ssl/zimbra/commercial/commercial.crt:
1 vi /opt/zimbra/ssl/zimbra/commercial/commercial.crt
6. Then install the CaCert Root Certificate:
1 wget http://www.cacert.org/certs/root.crt -O commercial_ca.crt
7. And verify that everything works:
1 /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt
it should output:
1 ** Verifying commercial.crt against commercial.key
![Page 2: Zimbra and CaCert _ 0x4142](https://reader035.fdocuments.in/reader035/viewer/2022081822/5695d09b1a28ab9b0293242c/html5/thumbnails/2.jpg)
2
3
Certificate (commercial.crt) and private key (commercial.key) match.
Valid Certificate: commercial.crt: OK
8. if everything is alright, deploy it and restart zimbra:
1
2
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
su - zimbra -c "zmmailboxdctl restart"
Note: the generated certificate signs *.yourdomain.com, so you should use www.yourdomain.com sosign in, yourdomain.com will not verify correctly.
Related posts:
1. Installing Zimbra (OS Edition) On Ubuntu 12.04LTS2. CAcert Einfuehrung / assurance day3. Zimbra announcing itself via email4. Courier-IMAP Maildir (Roundcube) to Zimbra