This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
zimbrassl [2017/08/17 11:53] moliver |
zimbrassl [2020/04/10 17:38] (current) |
||
---|---|---|---|
Line 34: | Line 34: | ||
- | Para los proxy | + | Para los proxy copiar todo desde OKA |
<code> | <code> | ||
cd /tmp | cd /tmp | ||
- | scp root@10.12.1.5:/etc/letsencrypt/live/correo.uclv.edu.cu-0002/* . | + | scp root@10.12.1.5:/etc/letsencrypt/live/mta.uclv.edu.cu-0001/* . |
+ | </code> | ||
- | cat >> fullchain.pem | + | Luego adicionar el CA de LE y pasarlo al proceso de verificación del zimbra |
+ | <code> | ||
+ | cat >> fullchain.pem << 'EoT' | ||
-----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | ||
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | ||
Line 61: | Line 64: | ||
-----END CERTIFICATE----- | -----END CERTIFICATE----- | ||
EoT | EoT | ||
+ | |||
+ | /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem | ||
+ | </code> | ||
+ | |||
+ | La salida debe ser similar a esta: | ||
+ | <code> | ||
+ | zimbra@mail-proxy-2:/tmp$ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem | ||
+ | ** Verifying 'cert.pem' against 'privkey.pem' | ||
+ | Certificate 'cert.pem' and private key 'privkey.pem' match. | ||
+ | ** Verifying 'cert.pem' against 'fullchain.pem' | ||
+ | Valid certificate chain: cert.pem: OK | ||
+ | zimbra@mail-proxy-2:/tmp$ | ||
+ | </code> | ||
+ | |||
+ | Si todo está bien se puede sobre incluir la llave privada dentro de la estrucutra del zimbra | ||
+ | <code> | ||
+ | #copia de seguridad | ||
+ | cp -f /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.key.`date +'%Y%m%d%H%M%S'` | ||
+ | #borro | ||
+ | rm -f /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
+ | #pasar la nueva | ||
+ | cp privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
+ | #verificar de nuevo | ||
+ | /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key cert.pem fullchain.pem | ||
+ | #instalación definitiva | ||
+ | /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem fullchain.pem | ||
+ | </code> | ||
+ | |||
+ | |||
+ | Para verificar todo al final: | ||
+ | <code> | ||
+ | /opt/zimbra/bin/zmcertmgr viewdeployedcrt all | ||
+ | </code> | ||