
How to create a new CA on Zimbra 5.0

After I started my Zimbra server, I got an alert from it. It told me that my CA did not match my domain. This is an example alert:

If you want to create a new CA for your Zimbra server, you can follow these steps:



[aoddy@zimbra ~]# su -
[root@zimbra ~]# rm -rf /opt/zimbra/ssl
[root@zimbra ~]# mkdir /opt/zimbra/ssl
[root@zimbra ~]# chown zimbra:zimbra /opt/zimbra/ssl

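Switch to the zimbra account and delete the old entries from the two keystores. If keytool rejects the mailboxd keystore password, as it does below, zmlocalconfig prints the password that is actually configured.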


[root@zimbra ~]# su - zimbra
[zimbra@uranus ~]$ keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
[zimbra@uranus ~]$ keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass zimbra
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
[zimbra@uranus ~]$ zmlocalconfig -s -m nokey mailboxd_keystore_password
cz3vJBeRZ

Edit these details in the file /opt/zimbra/conf/zmssl.cnf.in:


countryName_default = TH
stateOrProvinceName = Bangkok
localityName = Thailand
0.organizationName = Aoddy
organizationalUnitName = Aoddy
commonName = mail.aoddy.com #(eg, your name or your server's hostname)
commonName_default = mail.aoddy.com

Create the new CA.


[root@uranus ~]# /opt/zimbra/bin/zmcertmgr createca -new
** Creating directory /opt/zimbra/ssl/zimbra
** Creating directory /opt/zimbra/ssl/zimbra/ca
** Creating directory /opt/zimbra/ssl/zimbra/server
** Creating directory /opt/zimbra/ssl/zimbra/commercial
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf…done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key…done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem…done.

Deploy the new CA.


[root@uranus ~]# /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS…done.
** Saving CA in ldap…done.
** Copying CA to /opt/zimbra/conf/ca…done.

Create a self-signed certificate request.


[root@uranus ~]# /opt/zimbra/bin/zmcertmgr createcsr self -new '/C=TH/ST=Bangkok/L=Thailand/O=Aoddy/CN=mail.aoddy.com'
** Generating a server csr for download self -new /C=TH/ST=Bangkok/L=Thailand/O=Aoddy/CN=mail.aoddy.com
subj=/C=TH/ST=Bangkok/L=Thailand/O=Asterluce/CN=mail.aoddy.com
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080226155943
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.

Deploy the new certificate.


[root@uranus ~]# /opt/zimbra/bin/zmcertmgr deploycrt self -new
** Installing Certificates from /opt/zimbra/ssl/zimbra/server/server.crt
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080226160014
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore…done.
** Installing mta certificate and key…done.
** Installing slapd certificate and key…done.
** Installing proxy certificate and key…done.
** Installing CA to /opt/zimbra/conf/ca…done.

Check the new certificate.


[root@uranus ~]# /opt/zimbra/bin/zmcertmgr viewcsr self
subject=/C=TH/ST=Bangkok/L=Thailand/O=Asterluce/CN=mail.asterluce.com
SubjectAltName=

Perfect !! :D
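
To confirm that the deployed certificate really chains to the new CA and matches the mail hostname (the mismatch that caused the original alert), the script below can be run with openssl. It is an added example, not part of the original post; the script name check_cert.sh, the function names and the mail.example.test demo PKI are assumptions, and the throwaway CA it builds is constructed test data.

```shell
#!/bin/sh
# Added example, not from the original post. Needs the openssl command-line tool.
# On the server (paths taken from the zmcertmgr output above):
#   sh check_cert.sh /opt/zimbra/ssl/zimbra/ca/ca.pem \
#       /opt/zimbra/ssl/zimbra/server/server.crt mail.aoddy.com

# check_cert CA_PEM SERVER_CRT HOSTNAME
# Returns 0 = ok, 1 = not signed by this CA, 2 = hostname mismatch,
#         3 = expired or unreadable certificate.
check_cert() {
    ca=$1; crt=$2; host=$3
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || return 3
    # Parse the text: old openssl releases exit 0 from "verify" even on failure.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' || return 1
    # -checkhost tests subjectAltName first; the CN is used only without a DNS SAN.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match certificate' || return 2
    return 0
}

# make_demo_pki DIR CN: build a constructed one-day CA and server certificate.
make_demo_pki() {
    dir=$1; cn=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/C=TH/O=Demo/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/server.csr" -days 1 -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/server.crt" 2>/dev/null
}

# demo: check a matching and a non-matching hostname against the demo PKI.
demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" mail.example.test || { rm -rf "$d"; return 1; }
    for h in mail.example.test mail.other.test; do
        rc=0; check_cert "$d/ca.pem" "$d/server.crt" "$h" || rc=$?
        echo "$h -> $rc"
    done
    rm -rf "$d"
}

case $# in
    3) rc=0; check_cert "$1" "$2" "$3" || rc=$?; echo "check_cert: $rc" ;;
    0) demo ;;
esac
```

A certificate with an empty SubjectAltName, like the one shown by viewcsr above, passes this check through its CN only; clients that ignore the CN will still report a name mismatch.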

© 2008 STORY of AODDY. is powered by WordPress