This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
zimbrassl [2017/07/08 02:46] moliver created |
zimbrassl [2020/04/10 17:38] (current) |
||
---|---|---|---|
Line 4: | Line 4: | ||
Se debe adicionar un root CA que es este: https://www.identrust.com/certificates/trustid/root-download-x3.html | Se debe adicionar un root CA que es este: https://www.identrust.com/certificates/trustid/root-download-x3.html | ||
+ | |||
+ | <code> | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | ||
+ | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
+ | DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | ||
+ | PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | ||
+ | Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | ||
+ | AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | ||
+ | rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | ||
+ | OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | ||
+ | xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | ||
+ | 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | ||
+ | aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | ||
+ | HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | ||
+ | SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | ||
+ | ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | ||
+ | AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | ||
+ | R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | ||
+ | JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | ||
+ | Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | ||
+ | -----END CERTIFICATE----- | ||
+ | </code> | ||
+ | |||
Seguir los pasos de verificacion y deploy de aqui: https://wiki.zimbra.com/wiki/Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration | Seguir los pasos de verificacion y deploy de aqui: https://wiki.zimbra.com/wiki/Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | Para los proxy copiar todo desde OKA | ||
+ | <code> | ||
+ | cd /tmp | ||
+ | scp root@10.12.1.5:/etc/letsencrypt/live/mta.uclv.edu.cu-0001/* . | ||
+ | </code> | ||
+ | |||
+ | Luego adicionar el CA de LE y pasarlo al proceso de verificación del zimbra | ||
+ | <code> | ||
+ | cat >> fullchain.pem << 'EoT' | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | ||
+ | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
+ | DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | ||
+ | PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | ||
+ | Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | ||
+ | AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | ||
+ | rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | ||
+ | OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | ||
+ | xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | ||
+ | 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | ||
+ | aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | ||
+ | HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | ||
+ | SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | ||
+ | ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | ||
+ | AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | ||
+ | R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | ||
+ | JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | ||
+ | Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | ||
+ | -----END CERTIFICATE----- | ||
+ | EoT | ||
+ | |||
+ | /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem | ||
+ | </code> | ||
+ | |||
+ | La salida debe ser similar a esta: | ||
+ | <code> | ||
+ | zimbra@mail-proxy-2:/tmp$ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem | ||
+ | ** Verifying 'cert.pem' against 'privkey.pem' | ||
+ | Certificate 'cert.pem' and private key 'privkey.pem' match. | ||
+ | ** Verifying 'cert.pem' against 'fullchain.pem' | ||
+ | Valid certificate chain: cert.pem: OK | ||
+ | zimbra@mail-proxy-2:/tmp$ | ||
+ | </code> | ||
+ | |||
+ | Si todo está bien se puede sobre incluir la llave privada dentro de la estrucutra del zimbra | ||
+ | <code> | ||
+ | #copia de seguridad | ||
+ | cp -f /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.key.`date +'%Y%m%d%H%M%S'` | ||
+ | #borro | ||
+ | rm -f /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
+ | #pasar la nueva | ||
+ | cp privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
+ | #verificar de nuevo | ||
+ | /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key cert.pem fullchain.pem | ||
+ | #instalación definitiva | ||
+ | /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem fullchain.pem | ||
+ | </code> | ||
+ | |||
+ | |||
+ | Para verificar todo al final: | ||
+ | <code> | ||
+ | /opt/zimbra/bin/zmcertmgr viewdeployedcrt all | ||
+ | </code> | ||