This shows you the differences between two versions of the page.
zimbrassl [2017/10/05 01:51] moliver |
zimbrassl [2020/04/10 17:38] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | SSL | ||
- | |||
- | Se puede crear la solicitud desde OKA por letsencrypt | ||
- | |||
- | Se debe adicionar un root CA que es este: https://www.identrust.com/certificates/trustid/root-download-x3.html | ||
- | |||
- | <code> | ||
- | -----BEGIN CERTIFICATE----- | ||
- | MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | ||
- | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
- | DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | ||
- | PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | ||
- | Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | ||
- | AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | ||
- | rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | ||
- | OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | ||
- | xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | ||
- | 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | ||
- | aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | ||
- | HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | ||
- | SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | ||
- | ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | ||
- | AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | ||
- | R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | ||
- | JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | ||
- | Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | ||
- | -----END CERTIFICATE----- | ||
- | </code> | ||
- | |||
- | |||
- | Seguir los pasos de verificacion y deploy de aqui: https://wiki.zimbra.com/wiki/Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration | ||
- | |||
- | |||
- | |||
- | |||
- | Para los proxy copiar todo desde OKA | ||
- | <code> | ||
- | cd /tmp | ||
- | scp root@10.12.1.5:/etc/letsencrypt/live/correo.uclv.edu.cu-0002/* . | ||
- | </code> | ||
- | |||
- | Luego adicionar el CA de LE y pasarlo al proceso de verificación del zimbra | ||
- | <code> | ||
- | cat >> fullchain.pem << 'EoT' | ||
- | -----BEGIN CERTIFICATE----- | ||
- | MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | ||
- | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
- | DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | ||
- | PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | ||
- | Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | ||
- | AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | ||
- | rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | ||
- | OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | ||
- | xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | ||
- | 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | ||
- | aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | ||
- | HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | ||
- | SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | ||
- | ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | ||
- | AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | ||
- | R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | ||
- | JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | ||
- | Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | ||
- | -----END CERTIFICATE----- | ||
- | EoT | ||
- | |||
- | /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem | ||
- | </code> | ||
- | |||
- | La salida debe ser similar a esta: | ||
- | <code> | ||
- | zimbra@mail-proxy-2:/tmp$ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem | ||
- | ** Verifying 'cert.pem' against 'privkey.pem' | ||
- | Certificate 'cert.pem' and private key 'privkey.pem' match. | ||
- | ** Verifying 'cert.pem' against 'fullchain.pem' | ||
- | Valid certificate chain: cert.pem: OK | ||
- | zimbra@mail-proxy-2:/tmp$ | ||
- | </code> | ||
- | |||
- | Si todo está bien se puede sobre incluir la llave privada dentro de la estrucutra del zimbra | ||
- | <code> | ||
- | #copia de seguridad | ||
- | cp -f /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.key.safe | ||
- | #pasar la nueva | ||
- | cp -f privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
- | #verificar de nuevo | ||
- | /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key cert.pem fullchain.pem | ||
- | #instalación definitiva | ||
- | /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem fullchain.pem | ||
- | </code> | ||
- | |||
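Review bot: the 2020/04/10 revision leaves the page empty, so every removed line (the Let's Encrypt request on OKA, the `zmcertmgr verifycrt` check and the final `zmcertmgr deploycrt` step) disappears with no stub or redirect saying where the procedure now lives; leave a one-line pointer to the replacement page, or a note that the procedure is retired. If the steps are moved to another page, do not carry over `cd /tmp` followed by `scp root@10.12.1.5:/etc/letsencrypt/live/correo.uclv.edu.cu-0002/* .` unchanged: it stages `privkey.pem` in a shared directory, and nothing in the removed text deletes the copy after `deploycrt`. A private working directory (for example one created with `mktemp -d`) plus an explicit cleanup step would fix that.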