User Tools

Site Tools


zimbrassl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
zimbrassl [2017/08/17 07:53]
moliver
zimbrassl [2018/03/31 20:18] (current)
moliver@uclv
Line 34: Line 34:
  
  
-Para los proxy+Para los proxy copiar todo desde OKA
 <​code>​ <​code>​
 cd /tmp cd /tmp
-scp root@10.12.1.5:/​etc/​letsencrypt/​live/​correo.uclv.edu.cu-0002/* .+scp root@10.12.1.5:/​etc/​letsencrypt/​live/​mta.uclv.edu.cu-0001/* . 
 +</​code>​
  
-cat >> fullchain.pem+Luego adicionar el CA de LE y pasarlo al proceso de verificación del zimbra 
 +<​code>​ 
 +cat >> fullchain.pem ​<< '​EoT'​
 -----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
 MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/​ MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/​
Line 61: Line 64:
 -----END CERTIFICATE----- -----END CERTIFICATE-----
 EoT EoT
 +
 +/​opt/​zimbra/​bin/​zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem
 +</​code>​
 +
 +La salida debe ser similar a esta:
 +<​code>​
 +zimbra@mail-proxy-2:/​tmp$ /​opt/​zimbra/​bin/​zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem
 +** Verifying '​cert.pem'​ against '​privkey.pem'​
 +Certificate '​cert.pem'​ and private key '​privkey.pem'​ match.
 +** Verifying '​cert.pem'​ against '​fullchain.pem'​
 +Valid certificate chain: cert.pem: OK
 +zimbra@mail-proxy-2:/​tmp$
 +</​code>​
 +
 +Si todo está bien se puede sobre incluir la llave privada dentro de la estrucutra del zimbra
 +<​code>​
 +#copia de seguridad
 +cp -f /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key.`date +'​%Y%m%d%H%M%S'​`
 +#borro
 +rm -f /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key
 +#pasar la nueva
 +cp  privkey.pem /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key
 +#verificar de nuevo
 +/​opt/​zimbra/​bin/​zmcertmgr verifycrt comm /​opt/​zimbra/​ssl/​zimbra/​commercial/​commercial.key cert.pem fullchain.pem
 +#​instalación definitiva
 +/​opt/​zimbra/​bin/​zmcertmgr deploycrt ​ comm  cert.pem fullchain.pem
 +</​code>​
 +
 +
 +Para verificar todo al final:
 +<​code>​
 +/​opt/​zimbra/​bin/​zmcertmgr viewdeployedcrt all 
 +</​code>​
  
  
zimbrassl.1502970791.txt.gz · Last modified: 2017/08/17 07:53 by moliver