zimbrassl
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
zimbrassl [2017/07/08 02:46] moliver created |
zimbrassl [2020/04/10 17:38] (current) |
||
|---|---|---|---|
| Line 4: | Line 4: | ||
| Se debe adicionar un root CA que es este: https://www.identrust.com/certificates/trustid/root-download-x3.html | Se debe adicionar un root CA que es este: https://www.identrust.com/certificates/trustid/root-download-x3.html | ||
| + | |||
| + | <code> | ||
| + | -----BEGIN CERTIFICATE----- | ||
| + | MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | ||
| + | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
| + | DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | ||
| + | PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | ||
| + | Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | ||
| + | AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | ||
| + | rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | ||
| + | OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | ||
| + | xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | ||
| + | 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | ||
| + | aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | ||
| + | HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | ||
| + | SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | ||
| + | ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | ||
| + | AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | ||
| + | R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | ||
| + | JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | ||
| + | Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | ||
| + | -----END CERTIFICATE----- | ||
| + | </code> | ||
| + | |||
| Seguir los pasos de verificacion y deploy de aqui: https://wiki.zimbra.com/wiki/Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration | Seguir los pasos de verificacion y deploy de aqui: https://wiki.zimbra.com/wiki/Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | Para los proxy copiar todo desde OKA | ||
| + | <code> | ||
| + | cd /tmp | ||
| + | scp root@10.12.1.5:/etc/letsencrypt/live/mta.uclv.edu.cu-0001/* . | ||
| + | </code> | ||
| + | |||
| + | Luego adicionar el CA de LE y pasarlo al proceso de verificación del zimbra | ||
| + | <code> | ||
| + | cat >> fullchain.pem << 'EoT' | ||
| + | -----BEGIN CERTIFICATE----- | ||
| + | MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | ||
| + | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
| + | DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | ||
| + | PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | ||
| + | Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | ||
| + | AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | ||
| + | rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | ||
| + | OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | ||
| + | xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | ||
| + | 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | ||
| + | aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | ||
| + | HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | ||
| + | SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | ||
| + | ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | ||
| + | AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | ||
| + | R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | ||
| + | JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | ||
| + | Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | ||
| + | -----END CERTIFICATE----- | ||
| + | EoT | ||
| + | |||
| + | /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem | ||
| + | </code> | ||
| + | |||
| + | La salida debe ser similar a esta: | ||
| + | <code> | ||
| + | zimbra@mail-proxy-2:/tmp$ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem | ||
| + | ** Verifying 'cert.pem' against 'privkey.pem' | ||
| + | Certificate 'cert.pem' and private key 'privkey.pem' match. | ||
| + | ** Verifying 'cert.pem' against 'fullchain.pem' | ||
| + | Valid certificate chain: cert.pem: OK | ||
| + | zimbra@mail-proxy-2:/tmp$ | ||
| + | </code> | ||
| + | |||
| + | Si todo está bien se puede sobre incluir la llave privada dentro de la estrucutra del zimbra | ||
| + | <code> | ||
| + | #copia de seguridad | ||
| + | cp -f /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.key.`date +'%Y%m%d%H%M%S'` | ||
| + | #borro | ||
| + | rm -f /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
| + | #pasar la nueva | ||
| + | cp privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
| + | #verificar de nuevo | ||
| + | /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key cert.pem fullchain.pem | ||
| + | #instalación definitiva | ||
| + | /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem fullchain.pem | ||
| + | </code> | ||
| + | |||
| + | |||
| + | Para verificar todo al final: | ||
| + | <code> | ||
| + | /opt/zimbra/bin/zmcertmgr viewdeployedcrt all | ||
| + | </code> | ||
zimbrassl.1499481985.txt.gz · Last modified: 2020/04/10 17:38 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
