Zimbra 8.x Installation RapidSSL

Source: Internet
Author: User

A self-signed certificate is automatically generated when the Zimbra is installed, but I have previously applied for a wildcard certificate in RapidSSL, so just upload the certificate.


The files that download the certificate first include the following (the wildcard certificate that was purchased is the previous prefix is star)

1. server Certificate CRT STAR.XXXX.COM.CRT

2. Server Private key STAR.xxxx.com.key

3, Root certificate Ca-bundle CA-BUNDLE.CRT also have called Ca_chain


Because the Zimbra with the certificate of more places, manual installation estimates will produce a lot of inconsistencies, or with ZM tools good


In the Administration page, "Home-configuration-Certificate" to create a new enterprise CSR, regardless of the input of what information as long as the production line (for you to apply for certificate use), we have already had so do not care about it.


In the terminal, enter the Zimbra user

sudo su Zimbra

Overwrite key file

CP Star.xxxx.com.key/opt/zimbra/ssl/zimbra/commercial/commercial.key


Verifying certificates

Zmcertmgr verifycrt Comm/opt/zimbra/ssl/zimbra/commercial/commercial.key STAR.xxxx.com.crt ca-bundle.crt

Normal should return OK


But the error:

Error 2 at 2 depth lookup:unable to get issuer certificate


Final Solution:

Because only 2 segments of the root certificate given by the vendor contain 2 parts:

The first one:

Issued To:rapidssl SHA256 CA

Issued By:geotrust Global CA

Valid from:12/11/2013 to 5/20/2022

Serial NUMBER:02 3a 71


The second one:

Issued To:geotrust Global CA

Issued by:equifax Secure Certificate Authority

Valid from:5/20/2002 to 8/20/2018

Serial number:12 BB e6


It is not the trust authority that Linux can authenticate (the root certificate of the larger institution is built into OpenSSL, but RapidSSL is obviously not, it requires a certificate chain to authenticate, in other words the certificate chain is incomplete);


You need to add a higher-level root certificate to the CA file.

Until it is associated and trusted with the built-in certificate in OpenSSL


Issued to:equifax Secure Certificate Authority

Issued by:equifax Secure Certificate Authority

Valid from:8/22/1998 to 8/22/2018


Download from the following address:


Https://knowledge.rapidssl.com/library/VERISIGN/INTERNATIONAL_AFFILIATES/GeoTrust/Equifax_Secure_Certificate_Authority.pem


Or if it doesn't, you need to have your supplier complete a certificate chain until the


Verify through you will get a Mach and an OK



Okay, you can continue to install the certificate.

Zmcertmgr DEPLOYCRT Comm STAR.XXXX.COM.CRT CA-BUNDLE.CRT


Get a large number of OK and final save copy and create after it is ready


Verify that:

Zmcertmgr VIEWDEPLOYEDCRT

If you get the results, the certificates in the different modules are all their own.

Of course, it requires a reboot.

Zmcontrol status

After the restart, remember to close the browser open Zimbra can see the certificate you have imported


The biggest problem in the installation is the certificate, if your root certificate is not in a file, you need to merge all the root certificates for later use, if you are operating in the web, you need to import all the root certificates to the line, of course, you can also merge and upload 1 files.



This article is from "仝渊 's operation and maintenance station" blog, please be sure to keep this source http://axe999.blog.51cto.com/8295103/1927331

Zimbra 8.x Installation RapidSSL

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.