Zimbra 8.x Installation RapidSSL

A self-signed certificate is automatically generated when the Zimbra is installed, but I have previously applied for a wildcard certificate in RapidSSL, so just upload the certificate.

The files that download the certificate first include the following (the wildcard certificate that was purchased is the previous prefix is star)

1. server Certificate CRT STAR.XXXX.COM.CRT

2. Server Private key STAR.xxxx.com.key

3, Root certificate Ca-bundle CA-BUNDLE.CRT also have called Ca_chain

Because the Zimbra with the certificate of more places, manual installation estimates will produce a lot of inconsistencies, or with ZM tools good

In the Administration page, "Home-configuration-Certificate" to create a new enterprise CSR, regardless of the input of what information as long as the production line (for you to apply for certificate use), we have already had so do not care about it.

In the terminal, enter the Zimbra user

sudo su Zimbra

Overwrite key file

CP Star.xxxx.com.key/opt/zimbra/ssl/zimbra/commercial/commercial.key

Verifying certificates

Zmcertmgr verifycrt Comm/opt/zimbra/ssl/zimbra/commercial/commercial.key STAR.xxxx.com.crt ca-bundle.crt

Normal should return OK

But the error:

Error 2 at 2 depth lookup:unable to get issuer certificate

Final Solution:

Because only 2 segments of the root certificate given by the vendor contain 2 parts:

The first one:

Issued To:rapidssl SHA256 CA

Issued By:geotrust Global CA

Valid from:12/11/2013 to 5/20/2022

Serial NUMBER:02 3a 71

The second one:

Issued To:geotrust Global CA

Issued by:equifax Secure Certificate Authority

Valid from:5/20/2002 to 8/20/2018

Serial number:12 BB e6

It is not the trust authority that Linux can authenticate (the root certificate of the larger institution is built into OpenSSL, but RapidSSL is obviously not, it requires a certificate chain to authenticate, in other words the certificate chain is incomplete);

You need to add a higher-level root certificate to the CA file.

Until it is associated and trusted with the built-in certificate in OpenSSL

Issued to:equifax Secure Certificate Authority

Issued by:equifax Secure Certificate Authority

Valid from:8/22/1998 to 8/22/2018

Download from the following address:

Https://knowledge.rapidssl.com/library/VERISIGN/INTERNATIONAL_AFFILIATES/GeoTrust/Equifax_Secure_Certificate_Authority.pem

Or if it doesn't, you need to have your supplier complete a certificate chain until the

Verify through you will get a Mach and an OK

Okay, you can continue to install the certificate.

Zmcertmgr DEPLOYCRT Comm STAR.XXXX.COM.CRT CA-BUNDLE.CRT

Get a large number of OK and final save copy and create after it is ready

Verify that:

Zmcertmgr VIEWDEPLOYEDCRT

If you get the results, the certificates in the different modules are all their own.

Of course, it requires a reboot.

Zmcontrol status

After the restart, remember to close the browser open Zimbra can see the certificate you have imported

The biggest problem in the installation is the certificate, if your root certificate is not in a file, you need to merge all the root certificates for later use, if you are operating in the web, you need to import all the root certificates to the line, of course, you can also merge and upload 1 files.

This article is from "仝渊 's operation and maintenance station" blog, please be sure to keep this source http://axe999.blog.51cto.com/8295103/1927331

Zimbra 8.x Installation RapidSSL