User Tools

Site Tools


zimbrassl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
zimbrassl [2017/07/18 13:31]
moliver
zimbrassl [2018/03/31 20:18] (current)
moliver@uclv
Line 30: Line 30:
  
 Seguir los pasos de verificacion y deploy de aqui: https://​wiki.zimbra.com/​wiki/​Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration Seguir los pasos de verificacion y deploy de aqui: https://​wiki.zimbra.com/​wiki/​Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration
 +
 +
 +
 +
 +Para los proxy copiar todo desde OKA
 +<​code>​
 +cd /tmp
 +scp root@10.12.1.5:/​etc/​letsencrypt/​live/​mta.uclv.edu.cu-0001/​* .
 +</​code>​
 +
 +Luego adicionar el CA de LE y pasarlo al proceso de verificación del zimbra
 +<​code>​
 +cat >> fullchain.pem << '​EoT'​
 +-----BEGIN CERTIFICATE-----
 +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/​
 +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
 +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
 +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
 +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
 +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/​IUmTrE4O
 +rz5Iy2Xu/​NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
 +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
 +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/​5WgTe1QLyNau7Fqckh49ZLOMxt+/​yUFw
 +7BZy1SbsOFU5Q9D8/​RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
 +aeQQmxkqtilX4+U9m5/​wAl0CAwEAAaNCMEAwDwYDVR0TAQH/​BAUwAwEB/​zAOBgNV
 +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/​xBVghYkQMA0GCSqG
 +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
 +ikugdB/​OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
 +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
 +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/​md2cXjbDaJWFBM5
 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
 +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
 +-----END CERTIFICATE-----
 +EoT
 +
 +/​opt/​zimbra/​bin/​zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem
 +</​code>​
 +
 +La salida debe ser similar a esta:
 +<​code>​
 +zimbra@mail-proxy-2:/​tmp$ /​opt/​zimbra/​bin/​zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem
 +** Verifying '​cert.pem'​ against '​privkey.pem'​
 +Certificate '​cert.pem'​ and private key '​privkey.pem'​ match.
 +** Verifying '​cert.pem'​ against '​fullchain.pem'​
 +Valid certificate chain: cert.pem: OK
 +zimbra@mail-proxy-2:/​tmp$
 +</​code>​
 +
 +Si todo está bien se puede sobre incluir la llave privada dentro de la estrucutra del zimbra
 +<​code>​
 +#copia de seguridad
 +cp -f /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key.`date +'​%Y%m%d%H%M%S'​`
 +#borro
 +rm -f /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key
 +#pasar la nueva
 +cp  privkey.pem /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key
 +#verificar de nuevo
 +/​opt/​zimbra/​bin/​zmcertmgr verifycrt comm /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key cert.pem fullchain.pem
 +#​instalación definitiva
 +/​opt/​zimbra/​bin/​zmcertmgr deploycrt ​ comm  cert.pem fullchain.pem
 +</​code>​
 +
 +
 +Para verificar todo al final:
 +<​code>​
 +/​opt/​zimbra/​bin/​zmcertmgr viewdeployedcrt all 
 +</​code>​
  
  
zimbrassl.1500399070.txt.gz · Last modified: 2017/07/18 13:31 by moliver