Hello, in this post I will try to explain how to install an SSL certificate on Zimbra 8.
Let's carry out the following steps in order.
[root@mail ~]# mkdir ssl
[root@mail ~]# cd ssl/
[root@mail ssl]# cat ca_bundle.crt
-----BEGIN CERTIFICATE-----
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
knYYCnwPLKbK3opie9jzzl9ovY8+wXS7FXI6FoOpC+ZNmZzYV+yoAVHHb1c0XqtK
LEL2TxyJeN4mTvVvk0wVaydWTQBUbHq3tw==
-----END CERTIFICATE-----
[root@mail ssl]# cat ssl.crt
-----BEGIN CERTIFICATE-----
28pusi1VdsFBS84kBCLq7qWio4KqITEmRtapTsMPti++TsQcUAg1YRyLCUewcF8u
jPRM8hcGhva62ttsGHsqQj2ifOXJoTDC8McZgg==
-----END CERTIFICATE-----
[root@mail ssl]# cd /opt/zimbra/bin/
[root@mail bin]# ./zmcertmgr deploycrt comm /root/ssl/ssl.crt /root/ssl/ca_bundle.crt
** Verifying /root/ssl/ssl.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/root/ssl/ssl.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /root/ssl/ssl.crt: OK
** Copying /root/ssl/ssl.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /root/ssl/ca_bundle.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
[root@mail bin]# /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt
Owner: CN=mail.idriskoc.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)13, OU=GT91889540, SERIALNUMBER=AO9OA0of0xfcKOkimPjcpvFcuxrLe9Df
Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
Serial number: a7aab
Valid from: Thu Feb 07 14:13:29 EET 2013 until: Mon Feb 10 23:26:37 EET 2014
Certificate fingerprints:
MD5: D5:88:F0:12:7F:36:7D:B6:C3:D6:20:1B:E3:02:E7:72
SHA1: 28:99:D7:D1:D3:67:23:34:34:56:B2:D3:D4:8F:73:12:FB:B9:C9:63
SHA256: E0:80:A3:48:5D:7C:30:D0:FC:D3:8B:72:81:05:40:9F:D4:36:F4:14:CA:19:52:81:CF:DA:8F:F2:9D:29:F4:30
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://rapidssl-ocsp.geotrust.com
,
accessMethod: caIssuers
accessLocation: URIName: http://rapidssl-aia.geotrust.com/rapidssl.crt
]
]
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6B 69 3D 6A 18 42 4A DD 8F 02 65 39 FD 35 24 86 ki=j.BJ...e9.5$.
0010: 78 91 16 30 x..0
]
]
#3: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://rapidssl-crl.geotrust.com/crls/rapidssl.crl]
]]
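
The checks that zmcertmgr reports in the session above (certificate matches the private key, certificate valid against the CA chain) can be run by hand with openssl before deploying. This is an added example, not part of the original post or of Zimbra: preflight_cert is a hypothetical helper name, and it assumes openssl is installed and that the bundle contains the intermediate and root certificates.

```shell
#!/bin/sh
# Added example: checks to run before `zmcertmgr deploycrt comm <crt> <bundle>`.
# preflight_cert is a hypothetical helper; it is not part of Zimbra.
# Usage: preflight_cert <private-key> <certificate> <ca-bundle>
# Return codes: 0 ok, 1 bad PEM markers, 2 key mismatch, 3 chain, 4 expiry.
preflight_cert() {
    key=$1; crt=$2; bundle=$3

    # 1. Each file needs at least one PEM header made of five ASCII hyphens.
    #    Text copied through a web page or word processor often carries
    #    typographic dashes instead, which openssl cannot parse.
    for f in "$crt" "$bundle"; do
        grep -q -- '^-----BEGIN CERTIFICATE-----' "$f" || {
            echo "FAIL: no valid PEM certificate header in $f" >&2
            return 1
        }
    done

    # 2. The public key inside the certificate must equal the public key
    #    derived from the private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $crt does not match $key" >&2
        return 2
    fi

    # 3. The certificate must chain to a CA certificate in the bundle.
    openssl verify -CAfile "$bundle" "$crt" >/dev/null 2>&1 || {
        echo "FAIL: $crt does not verify against $bundle" >&2
        return 3
    }

    # 4. Reject a certificate that is expired or expires within 30 days
    #    (2592000 seconds).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 || {
        echo "FAIL: $crt is expired or expires within 30 days" >&2
        return 4
    }
    echo "OK: $crt matches $key and verifies against $bundle"
}

# Run directly when called with three file arguments.
if [ "$#" -eq 3 ]; then preflight_cert "$@"; fi
```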