zimbrassl

Differences

This shows you the differences between two versions of the page.

Next revision
Previous revision
zimbrassl [2017/07/07 22:46]
moliver created
zimbrassl [2018/03/31 20:18] (current)
moliver@uclv
Line 4: Line 4:
  
 Se debe adicionar un root CA que es este: https://​www.identrust.com/​certificates/​trustid/​root-download-x3.html Se debe adicionar un root CA que es este: https://​www.identrust.com/​certificates/​trustid/​root-download-x3.html
 +
 +<​code>​
 +-----BEGIN CERTIFICATE-----
 +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/​
 +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
 +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
 +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
 +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
 +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/​IUmTrE4O
 +rz5Iy2Xu/​NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
 +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
 +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/​5WgTe1QLyNau7Fqckh49ZLOMxt+/​yUFw
 +7BZy1SbsOFU5Q9D8/​RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
 +aeQQmxkqtilX4+U9m5/​wAl0CAwEAAaNCMEAwDwYDVR0TAQH/​BAUwAwEB/​zAOBgNV
 +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/​xBVghYkQMA0GCSqG
 +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
 +ikugdB/​OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
 +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
 +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/​md2cXjbDaJWFBM5
 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
 +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
 +-----END CERTIFICATE-----
 +</​code>​
 +
  
 Seguir los pasos de verificacion y deploy de aqui: https://​wiki.zimbra.com/​wiki/​Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration Seguir los pasos de verificacion y deploy de aqui: https://​wiki.zimbra.com/​wiki/​Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration
 +
 +
 +
 +
 +Para los proxy copiar todo desde OKA
 +<​code>​
 +cd /tmp
 +scp root@10.12.1.5:/​etc/​letsencrypt/​live/​mta.uclv.edu.cu-0001/​* .
 +</​code>​
 +
 +Luego adicionar el CA de LE y pasarlo al proceso de verificación del zimbra
 +<​code>​
 +cat >> fullchain.pem << '​EoT'​
 +-----BEGIN CERTIFICATE-----
 +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/​
 +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
 +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
 +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
 +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
 +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/​IUmTrE4O
 +rz5Iy2Xu/​NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
 +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
 +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/​5WgTe1QLyNau7Fqckh49ZLOMxt+/​yUFw
 +7BZy1SbsOFU5Q9D8/​RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
 +aeQQmxkqtilX4+U9m5/​wAl0CAwEAAaNCMEAwDwYDVR0TAQH/​BAUwAwEB/​zAOBgNV
 +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/​xBVghYkQMA0GCSqG
 +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
 +ikugdB/​OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
 +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
 +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/​md2cXjbDaJWFBM5
 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
 +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
 +-----END CERTIFICATE-----
 +EoT
 +
 +/​opt/​zimbra/​bin/​zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem
 +</​code>​
 +
 +La salida debe ser similar a esta:
 +<​code>​
 +zimbra@mail-proxy-2:/​tmp$ /​opt/​zimbra/​bin/​zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem
 +** Verifying '​cert.pem'​ against '​privkey.pem'​
 +Certificate '​cert.pem'​ and private key '​privkey.pem'​ match.
 +** Verifying '​cert.pem'​ against '​fullchain.pem'​
 +Valid certificate chain: cert.pem: OK
 +zimbra@mail-proxy-2:/​tmp$
 +</​code>​
 +
 +Si todo está bien se puede sobre incluir la llave privada dentro de la estrucutra del zimbra
 +<​code>​
 +#copia de seguridad
 +cp -f /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key.`date +'​%Y%m%d%H%M%S'​`
 +#borro
 +rm -f /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key
 +#pasar la nueva
 +cp  privkey.pem /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key
 +#verificar de nuevo
 +/​opt/​zimbra/​bin/​zmcertmgr verifycrt comm /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key cert.pem fullchain.pem
 +#​instalación definitiva
 +/​opt/​zimbra/​bin/​zmcertmgr deploycrt ​ comm  cert.pem fullchain.pem
 +</​code>​
 +
 +
 +Para verificar todo al final:
 +<​code>​
 +/​opt/​zimbra/​bin/​zmcertmgr viewdeployedcrt all 
 +</​code>​
  
  
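Review bot: The private key is left behind in a shared directory: after `cd /tmp` and `scp root@10.12.1.5:/etc/letsencrypt/live/mta.uclv.edu.cu-0001/* .`, a copy of `privkey.pem` sits in `/tmp`, and none of the later steps removes it. Suggest doing the work in a directory created with `mktemp -d` (mode 0700), confirming the key is readable only by its owner before running `zmcertmgr verifycrt`, and deleting the working copies once `zmcertmgr deploycrt` has succeeded. The timestamped backup of `commercial.key` is made with plain `cp -f`, so its mode depends on the umask; `cp -p` would keep the original's permissions. Separately, `cat >> fullchain.pem` appends, so running that block a second time on the same file adds the root certificate twice; the page should say the step is meant to run once on a freshly copied `fullchain.pem`. The same PEM block also appears twice in the added text, and the heredoc copy alone would be enough.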
zimbrassl.1499481985.txt.gz · Last modified: 2017/07/07 22:46 by moliver