How to install a commercial SSL for Zimbra on OS X Server
Solution
A. Create a commercial keystore
su - zimbra
keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/zimbra/ssl/ssl/commercial.keystore
Use "zimbra" for the keystore password, and enter the name of your host at the first/last name prompt (it becomes the CN of the certificate). If your organization is Acme Co in San Francisco, CA, and the Zimbra mail server is mailhost.domain.com, the process will look like this:
zimbra@mailhost$ keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/zimbra/ssl/ssl/commercial.keystore
Enter keystore password: zimbra
What is your first and last name?
[Unknown]: mailhost.domain.com
What is the name of your organizational unit?
[Unknown]: Acme Co
What is the name of your organization?
[Unknown]: Acme Co
What is the name of your City or Locality?
[Unknown]: San Francisco
What is the name of your State or Province?
[Unknown]: CA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=mailhost.domain.com, OU=Acme Co, O=Acme Co, L=San Francisco, ST=CA, C=US correct?
[no]: y
Enter key password for <tomcat>
(RETURN if same as keystore password):
B. Create the certificate request file
Remember the password is "zimbra"; this should all be on one line:
keytool -certreq -keyalg RSA -alias tomcat -file /opt/zimbra/ssl/ssl/commercial.csr -keystore /opt/zimbra/ssl/ssl/commercial.keystore
The result is in the file commercial.csr:
cat /opt/zimbra/ssl/ssl/commercial.csr
C. Acquire and install the certificate
1. Submit the CSR to the certificate authority of choice
To turn the CSR into a certificate, paste the contents of commercial.csr into the web form of your favorite certificate vendor (verisign.com, godaddy, etc.); they'll take some money from you and return a certificate as a file we'll call foo.crt.
2. Import the cert into the commercial keystore
keytool -import -alias tomcat -keystore /opt/zimbra/ssl/ssl/commercial.keystore -trustcacerts -file foo.crt -storepass zimbra
3. Copy the commercial keystore over the zimbra tomcat keystore
cp /opt/zimbra/ssl/ssl/commercial.keystore /opt/zimbra/tomcat/conf/keystore
tomcat restart
D.
zmtlsctl mixed
tomcat stop
tomcat start
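A check to run between steps C.1 and C.2, as an added example that is not part of the original article: it confirms that foo.crt carries the same public key as commercial.csr and has not expired, so a wrong or stale file from the vendor is caught before the keystore is touched. It assumes openssl is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): sanity checks on the CA's reply
# before importing it into commercial.keystore. Function names are hypothetical.

# Print the SHA-256 digest of the public key in a PEM file.
# $1 = "req" for a CSR or "x509" for a certificate, $2 = file
pubkey_digest() {
    key=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key" ] || return 1
    printf '%s\n' "$key" | openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 if the certificate ($2) carries the public key of the CSR ($1),
# 1 if the keys differ, 2 if either file cannot be parsed.
cert_matches_csr() {
    csr_d=$(pubkey_digest req "$1") || return 2
    crt_d=$(pubkey_digest x509 "$2") || return 2
    [ "$csr_d" = "$crt_d" ]
}

# Return 0 if the certificate ($1) parses and has not yet expired.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run both checks and report; returns non-zero if the import should not proceed.
preflight() {
    if ! cert_matches_csr "$1" "$2"; then
        echo "STOP: $2 was not issued for the key behind $1" >&2
        return 1
    fi
    if ! cert_is_current "$2"; then
        echo "STOP: $2 is expired or unreadable" >&2
        return 1
    fi
    echo "OK: $2 matches $1 and is within its validity period"
}

# Usage: sh preflight.sh /opt/zimbra/ssl/ssl/commercial.csr foo.crt
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```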
Article Details
Created On: 05 Aug 2006 07:01 PM