Install a Sectigo Domain Validation SSL certificate in Zimbra Rumi, December 16, 2021 We usually get the below four files from Sectigo in the certificate bundle. The file name may vary depending on the certificate type yourdomain.com.crt – main certificate AAACertificateServices.crt – Root Certificate USERTrustRSAAAACA.crt – Intermediate Certificate – 1 SectigoRSADomainValidationSecureServerCA.crt – Intermediate Certificate – 2 Step 1: We shall create two files as below. commercial_ca.crt (includes root certificate and two intermediate certificates) commercial.crt (includes main certificate, root certificate and two intermediate certificates) Step 2: Login to Zimbra server, move to directory /opt/zimbra/ssl/zimbra/commercial and create two files as below. root@mail:~# cd /opt/zimbra/ssl/zimbra/commercial/ root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial_ca.crt root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial.crt Step 3: Provide ownership to Zimbra. root@mail:/opt/zimbra/ssl/zimbra/commercial# chown zimbra:zimbra commercial_ca.crt root@mail:/opt/zimbra/ssl/zimbra/commercial# chown zimbra:zimbra commercial.crt Step 4: Add the certificates into respective files as mentioned above. root@mail:/opt/zimbra/ssl/zimbra/commercial# vim commercial_ca.crt -----BEGIN CERTIFICATE----- <root certificate is here> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <intermediate certificate 1 is here> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <intermediate certificate 2 is here> -----END CERTIFICATE----- root@mail:/opt/zimbra/ssl/zimbra/commercial# vim commercial.crt -----BEGIN CERTIFICATE----- <main certificate is here> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <root certificate is here> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <intermediate certificate 1 is here> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <intermediate certificate 2 is here> -----END CERTIFICATE----- Step 5: Execute below command as Zimbra user to verify the certificate. zimbra@mail:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt The output of this command shall look like below. ** Verifying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' Certificate '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. ** Verifying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' Valid certificate chain: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK We shall not proceed further if we get any error here. We have to resolve the error first and then install the certificate following step 6. Step 6: Install the certificate. zimbra@mail:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt The output should look like below. ** Keeping first certificate in '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' ** Verifying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' Certificate '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. ** Verifying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' Valid certificate chain: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK ** Appending ca chain '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' ** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts' ** NOTE: restart mailboxd to use the imported certificate. ** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.outpacebd.com...ok ** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.outpacebd.com...ok ** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key' ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt' ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key' ** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' ** Creating keystore '/opt/zimbra/conf/imapd.keystore' ** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key' ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt' ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key' ** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' ** Creating keystore '/opt/zimbra/mailboxd/etc/keystore' ** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key' ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt' ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key' ** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key' ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt' ** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key' ** NOTE: restart services to use the new certificates. ** Copying CA to /opt/zimbra/conf/ca ** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key' ** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem' ** Creating CA hash symlink 'a23bec5a.0' -> 'ca.pem' ** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt ** Creating CA hash symlink 'ee64a828.0' -> 'commercial_ca_1.crt' ** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt ** Creating CA hash symlink '65ff7287.0' -> 'commercial_ca_2.crt' ** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt ** Creating CA hash symlink 'fc5a8f99.0' -> 'commercial_ca_3.crt' Step 7: Restart Zimbra service to take effect the changes. zimbra@mail:~$ zmcontrol restart Hope this helps . Src: https://learnandgains.blogspot.com/2020/06/install-comodosectigo-domain-validation.html Related Administrations Application Configurations (Linux) ComodoSectigoSSLzimbraZimbra SSL
Create A Network Bridge on CentOS 7 September 1, 2023 Install Module CentOS 7 comes with bridging module loaded on system boot by default. Use the following command to verify whether the module is loaded or not. # modinfo bridge filename: /lib/modules/3.10.0-327.el7.x86_64/kernel/net/bridge/bridge.ko alias: rtnl-link-bridge version: 2.3 license: GPL rhelversion: 7.2 srcversion: 905847C53FF43DEFAA0EB3C depends: stp,llc intree: Y vermagic: 3.10.0-327.el7.x86_64 SMP mod_unload modversions… Read More
Windows IP settings from old Windows network adapters after card replacement July 25, 2022 After replacing an old motherboard with a new one, the NIC is different, has a new MAC address and generally needs a new TCP/IP configuration. However the old NIC is still somewhere there with its designated IP address and the rest. Question: is it possible to retrieve those settings (most important… Read More
Virtualmin create a catch-all email account June 21, 2023 This tutorial will cover how to setup a catch-all email account. Once finished, it will be the default destination for any email arriving at your domain, unless overridden by another email account or alias. It assumes you have logged into Virtualmin as the root user. You can make any email… Read More
Hello I have a problem to deploy my certifcate Sectigo send me 3 file crt file certficat.key ca.bundle Reply
[root@mail commercial]# /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt commercial_ca.crt ** Verifying commercial.crt against commercial.key Certificate (commercial.crt) and private key (commercial.key) match. XXXXX ERROR: Invalid Certificate: commercial.crt: C = xx , ST = xxx xxx, O = xxxxx, CN = *.xxxxx error 20 at 0 depth lookup:unable to get local issuer certificate Reply