Multi Domain SSL Certificate Installation


 Comodo SAN Multi domain SSL Certificate Installation

Preview:
1.      We shall have 4 files.
2.      commercial.csr, commercial.key, commercial.crt, commercial_ca.crt
3.      commercial.csr and commercial.key will be present in the server (location: /opt/zimbra/ssl/zimbra/commercial/).

Instruction:

1.      From the SSL vendor we may receive a zip file that contains 2 files.

2.      These files will be:
ABC.crt                   [contains 1 certificate]
ABC.ca-bundle       [contains 2 certificates]

3.      ABC.crt contains 1 security certificate.

4.      ABC.ca-bundle contains 1 root certificate & 1 intermediate certificate.

5.      We need to combine ABC.crt, ABC.ca-bundle and another security key file to produce the files listed below:
a.       commercial.crt
b.      commercial_ca.crt

6.      All above mentioned files shall be placed in the below mentioned location:
/opt/zimbra/ssl/zimbra/commercial/

7.      All files shall be owned by the zimbra user, like this:
-rw-r----- 1 zimbra zimbra 5644 Jan 10 23:40 commercial_ca.crt
-rw-r----- 1 zimbra zimbra 7754 Jan 10 23:44 commercial.crt


8.      Refer to the table below for the composition of each file:

File Name          | Content (in order)        | No. of keys | Total no. of keys
-------------------|---------------------------|-------------|------------------
commercial_ca.crt  | ABC.ca-bundle             | 2           | 3
                   | Security Key from COMODO  | 1           |
commercial.crt     | ABC.crt                   | 1           | 4
                   | ABC.ca-bundle             | 2           |
                   | Security Key from COMODO  | 1           |


9.      Format of these files shall be as shown below:
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----


10.  Now we have 3 files, i.e. commercial.key, commercial.crt & commercial_ca.crt


11.  Now use the command below to verify them:
zimbra@mail:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
  The output should report that the certificate and private key match, followed by an OK for the certificate chain. Example:

** Verifying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
Valid certificate chain: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
zimbra@mail:~/ssl/zimbra/commercial$

12.   If everything is okay, then use the command below to install the certificate:
zimbra@mail:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
  In this case, we will get output like the following:


** Keeping first certificate in '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Verifying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
Valid certificate chain: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
** Appending ca chain '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.example.com...ok
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.example.com...ok
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/conf/imapd.keystore'
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key

13.   Finally, when the certificate installation is successful, we shall restart zimbra services.


14.  At the end we can check the certificate status from any reputable browser (e.g. Firefox, Chrome, Opera etc.)
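
The composition in steps 5 to 9 can be scripted so that the block order, the per-file totals and the 640 mode are checked before zmcertmgr is run. The following is an added example, not part of the original post: the function names and the file name comodo_root.crt (standing in for the "Security Key from COMODO") are assumptions.

```shell
#!/bin/sh
# Added example. comodo_root.crt is an assumed file name for the
# "Security Key from COMODO"; run as the zimbra user (step 7).
# Usage (vendor directory path is an assumption):
#   assemble_commercial /opt/zimbra/ssl/zimbra/commercial /tmp/vendor

# Print the number of PEM certificate blocks in file $1.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Concatenate PEM files $2.. in order into $1 with mode 640.
build_pem() {
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    for f in "$@"; do
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2; rm -f "$tmp"; return 1
        fi
        # Drop CRs from Windows-edited files; awk ends every line with a
        # newline, so END/BEGIN markers of adjacent files never fuse.
        tr -d '\r' < "$f" | awk '{ print }' >> "$tmp"
    done
    # Each marker must stand alone on its line (format shown in step 9).
    if grep -- '-----' "$tmp" |
        grep -qvE '^-----(BEGIN|END) CERTIFICATE-----$'; then
        echo "malformed PEM boundary for $out" >&2; rm -f "$tmp"; return 1
    fi
    chmod 640 "$tmp" && mv "$tmp" "$out"
}

# Build both files in $1 from the vendor files in $2, then check the
# totals from the table in step 8 (3 and 4 blocks).
assemble_commercial() {
    dest=$1; src=$2
    build_pem "$dest/commercial_ca.crt" \
        "$src/ABC.ca-bundle" "$src/comodo_root.crt" || return 1
    build_pem "$dest/commercial.crt" \
        "$src/ABC.crt" "$src/ABC.ca-bundle" "$src/comodo_root.crt" || return 1
    [ "$(count_certs "$dest/commercial_ca.crt")" -eq 3 ] || return 1
    [ "$(count_certs "$dest/commercial.crt")" -eq 4 ]
}
```

A non-zero return means a vendor file was missing or a block boundary was malformed; in that case nothing is written to the destination file, and the verifycrt command from step 11 should not be run until the inputs are fixed.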
