zimbrassl
Differences
This shows you the differences between two versions of the page.
|
zimbrassl [2018/01/02 01:07] moliver |
zimbrassl [2020/04/10 17:38] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | SSL | ||
| - | |||
| - | Se puede crear la solicitud desde OKA por letsencrypt | ||
| - | |||
| - | Se debe adicionar un root CA que es este: https://www.identrust.com/certificates/trustid/root-download-x3.html | ||
| - | |||
| - | <code> | ||
| - | -----BEGIN CERTIFICATE----- | ||
| - | MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | ||
| - | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
| - | DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | ||
| - | PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | ||
| - | Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | ||
| - | AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | ||
| - | rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | ||
| - | OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | ||
| - | xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | ||
| - | 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | ||
| - | aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | ||
| - | HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | ||
| - | SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | ||
| - | ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | ||
| - | AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | ||
| - | R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | ||
| - | JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | ||
| - | Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | ||
| - | -----END CERTIFICATE----- | ||
| - | </code> | ||
| - | |||
| - | |||
| - | Seguir los pasos de verificacion y deploy de aqui: https://wiki.zimbra.com/wiki/Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | Para los proxy copiar todo desde OKA | ||
| - | <code> | ||
| - | cd /tmp | ||
| - | scp root@10.12.1.5:/etc/letsencrypt/live/correo.uclv.edu.cu-0002/* . | ||
| - | </code> | ||
| - | |||
| - | Luego adicionar el CA de LE y pasarlo al proceso de verificación del zimbra | ||
| - | <code> | ||
| - | cat >> fullchain.pem << 'EoT' | ||
| - | -----BEGIN CERTIFICATE----- | ||
| - | MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | ||
| - | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
| - | DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | ||
| - | PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | ||
| - | Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | ||
| - | AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | ||
| - | rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | ||
| - | OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | ||
| - | xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | ||
| - | 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | ||
| - | aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | ||
| - | HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | ||
| - | SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | ||
| - | ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | ||
| - | AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | ||
| - | R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | ||
| - | JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | ||
| - | Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | ||
| - | -----END CERTIFICATE----- | ||
| - | EoT | ||
| - | |||
| - | /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem | ||
| - | </code> | ||
| - | |||
| - | La salida debe ser similar a esta: | ||
| - | <code> | ||
| - | zimbra@mail-proxy-2:/tmp$ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem | ||
| - | ** Verifying 'cert.pem' against 'privkey.pem' | ||
| - | Certificate 'cert.pem' and private key 'privkey.pem' match. | ||
| - | ** Verifying 'cert.pem' against 'fullchain.pem' | ||
| - | Valid certificate chain: cert.pem: OK | ||
| - | zimbra@mail-proxy-2:/tmp$ | ||
| - | </code> | ||
| - | |||
| - | Si todo está bien se puede sobre incluir la llave privada dentro de la estrucutra del zimbra | ||
| - | <code> | ||
| - | #copia de seguridad | ||
| - | cp -f /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.key.`date +'%Y%m%d%H%M%S'` | ||
| - | #borro | ||
| - | rm -f /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
| - | #pasar la nueva | ||
| - | cp privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
| - | #verificar de nuevo | ||
| - | /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key cert.pem fullchain.pem | ||
| - | #instalación definitiva | ||
| - | /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem fullchain.pem | ||
| - | </code> | ||
| - | |||
| - | |||
| - | Para verificar todo al final: | ||
| - | <code> | ||
| - | /opt/zimbra/bin/zmcertmgr viewdeployedcrt all | ||
| - | </code> | ||
| - | |||
zimbrassl.txt · Last modified: 2020/04/10 17:38 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
