Instalasi GeoTrust SSL Certificate Pada Zimbra

Instalasi GeoTrust SSL Certificate Pada Zimbra

Instalasi GeoTrust SSL Certificate Pada ZimbraInstalasi GeoTrust SSL Certificate Pada Zimbra ini menjelaskan bagaimana cara instalasi GeoTrust pada zimbra menggunakan CLI. Ketika membeli GeoTrust SSL Certificate biasanya mendapatkan file CERT SSL.zip yang berisi 3 folder: CER – CRT Files, PKCS7 File, Plain Text Files. Pada GeoTrust SSL Certificate yang akan digunakan adalah folder CER – CRT Files, folder ini biasanya berisi:

  1. CACertificate-INTERMEDIATE-1.cer
  2. CACertificate-ROOT-2.cer
  3. My_CA_Bundle.ca-bundle
  4. ServerCertificate.cer

Catatan:
1. file My_CA_Bundle.ca-bundle merupakan gabungan CACertificate-INTERMEDIATE-1.cer dan CACertificate-ROOT-2.cer
2. Untuk instalasi SSL pada zimbra 8.7 ke atas gunakanlah user zimbra untuk deploy SSL
3. Untuk instalasi SSL pada zimbra 8.6 ke bawah gunakanlah user root untuk deploy SSL

Langkah-langkah Instalasi

Pada Instalasi GeoTrust SSL Certificate Pada Zimbra, yang dibutuhkan hanya file My_CA_Bundle.ca-bundle dan ServerCertificate.cer, Karena yang di deploy ssl ini mengunakan zimbra 8.8.10 maka user yang digunakan user zimbra

1. Buat folder baru pada /opt menggunakan perintah berikut (user root)

 mkdir /opt/ssl

2. Transfer file My_CA_Bundle.ca-bundle dan ServerCertificate.cer menggunakan WinScp atau yang lainnya kedalam direktori /opt/ssl
3. Masuk pada direktori /opt/ssl dan ubah ownership file My_CA_Bundle.ca-bundle dan ServerCertificate.cer (user root)

cd /opt/ssl
chown zimbra.zimbra *

4. Siapkan file commercial_ca.crt menggunakan perintah berikut(masuk ke user zimbra):

su - zimbra
cat /opt/ssl/My_CA_Bundle.ca-bundle > /tmp/commercial_ca.crt

5. Siapkan file commercial.crt menggunakan perintah berikut(user zimbra):

cat /opt/sslServerCertificate.cer > /tmp/commercial.crt

6. Cek SSL, private key, CA. Apakah valid tidaknya. Penting!!! Sebelum deploy SSL pastikan statusnya valid (user zimbra)

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/commercial_ca.crt

Bila valid, maka akan muncul seperti berikut:

** Verifying '/tmp/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/tmp/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/tmp/commercial.crt' against '/tmp/commercial_ca.crt'
Valid certificate chain: /tmp/commercial.crt: OK

7. Bila SSL valid, langkah berikutnya deploy SSL Certificate menggunakan perintah berikut (user zimbra)

/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt

Proses deploy SSL seperti berikut

** Fixing newlines in '/tmp/commercial_ca.crt'
** Verifying '/tmp/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/tmp/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/tmp/commercial.crt' against '/tmp/commercial_ca.crt'
Valid certificate chain: /tmp/commercial.crt: OK
** Copying '/tmp/commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying '/tmp/commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain '/tmp/commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.latihanzimbra.ga...ok
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.latihanzimbra.ga...ok
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/conf/imapd.keystore'
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/1ab2ad2c.0
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink '1ab2ad2c.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '968d05c4.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink '3513523f.0' -> 'commercial_ca_2.crt'

8. Restart service zimbra (user zimbra)

zmcontrol restart

Selesai..

Bila membutuhkan SSL Zimbra atau pemasangan SSL Zimbra bisa menghubungi kami melalui Contact atau WhatsApp
Layanan SSL Certificate Zimbra Mail Server

×

Hello!

Klik salah satu dibawah untuk chat WhatsApp atau kirim email kepada kami ke info@saad.web.id

× WhatsApp Kami