Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to install RapidSSL in zimbra8.x". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

After installing zimbra, a self-signed certificate is automatically generated, but I applied for a wildcard certificate in rapidSSL before, so all I have to do is upload the certificate

The files to download the certificate first include the following (the purchased wildcard certificate is prefixed with star)

1. Server certificate crt STAR.xxxx.com.crt

2. Server private key key STAR.xxxx.com.key

3. The root certificate ca-bundle ca-bundle.crt also has a ca_chain.

As there are many places for zimbra to use certificates, manual installation may cause a lot of inconsistencies, so it is better to use zm tools.

In the management page [Home Page-configuration-Certificate], first create a new enterprise CSR, regardless of what information you enter, just generate it (for you to apply for a certificate), I already have it, so don't worry about it.

At the terminal, enter the zimbra user

Sudo su zimbra

Overwrite key file

Cp STAR.xxxx.com.key / opt/zimbra/ssl/zimbra/commercial/commercial.key

Verify the certificate

Zmcertmgr verifycrt comm / opt/zimbra/ssl/zimbra/commercial/commercial.key STAR.xxxx.com.crt ca-bundle.crt

Ok should be returned as normal.

But an error is reported:

Error 2 at 2 depth lookup:unable to get issuer certificate

The final solution:

Because the root certificate given by the seller contains only 2 paragraphs:

The first one:

Issued to: RapidSSL SHA256 CA

Issued by: GeoTrust Global CA

Valid from: 12/11/2013 to 5/20/2022

Serial Number: 02 3a 71

Second:

Issued to: GeoTrust Global CA

Issued by: Equifax Secure Certificate Authority

Valid from: 5/20/2002 to 8/20/2018

Serial Number: 12 bb e6

It is not a trust authority that linux can verify (the root certificate of a larger institution is built in openssl, but rapidssl is obviously not, so it needs to be authenticated by a certificate chain, in other words, the certificate chain is incomplete); therefore, authentication cannot be passed.

A higher level of root certificate needs to be added to the ca file

Until associated with and trusted with the certificate built into openssl

Issued to: Equifax Secure Certificate Authority

Issued by: Equifax Secure Certificate Authority

Valid from: 8/22/1998 to 8/22/2018

Download from the following address:

Https://knowledge.rapidssl.com/library/VERISIGN/INTERNATIONAL_AFFILIATES/GeoTrust/Equifax_Secure_Certificate_Authority.pem

Or if not, you need to ask your supplier to provide a complete certificate chain until the verification is passed.

Verify that you will get a mach and an ok.

All right, you can continue to install the certificate.

Zmcertmgr deploycrt comm STAR.xxxx.com.crt ca-bundle.crt

After getting a large number of ok and the last save copy and create, it will be fine.

Verify:

Zmcertmgr viewdeployedcrt

If you get the result, the certificates in different modules are all your own.

Of course, to take effect, it needs to be restarted.

Zmcontrol status

After restarting, remember to close the browser and open zimbra to see that the certificate has been imported.

The biggest problem in the installation is the certificate. If your root certificate is not in one file, you need to merge all the root certificates and use them later. If you are operating in web, you need to import all the root certificates. Of course, you can also upload a file after merging.

This is the end of the content of "how to install RapidSSL in zimbra8.x". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.