Contents
Pada artikel Tips Regenerate Self Signed SSL Certificate Zimbra Single Server, akan dijelaskan bagaimana cara Regenerate / Generate Self Signed SSL Certificate Zimbra Single Server.
Tujuan
Regenerate the SSL certificate pada Zimbra Single Server. Karena pada defaultnya, self signed SSL Certificate hanya valid selama 5 tahun saja.
Resolusi
Buat atau generate Certificate Authority (CA) baru.
1 2 3 |
root@mail ~]# /opt/zimbra/bin/zmcertmgr createca -new ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done. |
Deploy Certificate Authority (CA) yang telah dibuat sebelumnya.
1 2 3 4 5 |
[root@mail ~]# /opt/zimbra/bin/zmcertmgr deployca ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done. ** Saving global config key zimbraCertAuthorityCertSelfSigned...done. ** Saving global config key zimbraCertAuthorityKeySelfSigned...done. ** Copying CA to /opt/zimbra/conf/ca...done. |
Buat atau generate certificate yang valid selama 365 hari.
1 2 3 4 5 6 7 8 9 10 11 |
[root@mail ~]# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365 Validation days: 365 ** Creating /opt/zimbra/conf/zmssl.cnf...done ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20160623120522 ** Generating a server csr for download self -new -keysize 2048 -digest sha1 ** Creating /opt/zimbra/conf/zmssl.cnf...done ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20160623120523 ** Creating /opt/zimbra/conf/zmssl.cnf...done ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done. ** Saving server config key zimbraSSLPrivateKey...done. ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done. |
Deploy certificate yang telah dibuat atau generate.
1 2 3 4 5 6 7 8 9 |
[root@mail ~]# /opt/zimbra/bin/zmcertmgr deploycrt self ** Saving server config key zimbraSSLCertificate...done. ** Saving server config key zimbraSSLPrivateKey...done. ** Installing mta certificate and key...done. ** Installing slapd certificate and key...done. ** Installing proxy certificate and key...done. ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done. ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done. ** Installing CA to /opt/zimbra/conf/ca...done. |
Lihat hasil dari hasil deploy certificate.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
[root@mail ~]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt ::service mta:: notBefore=Jun 23 05:05:27 2016 GMT notAfter=Jun 23 05:05:27 2017 GMT subject= /C=US/ST=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.company.co.id issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.company.co.id SubjectAltName= ::service proxy:: notBefore=Jun 23 05:05:27 2016 GMT notAfter=Jun 23 05:05:27 2017 GMT subject= /C=US/ST=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.company.co.id issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.company.co.id SubjectAltName= ::service mailboxd:: notBefore=Jun 23 05:05:27 2016 GMT notAfter=Jun 23 05:05:27 2017 GMT subject= /C=US/ST=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.company.co.id issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.company.co.id SubjectAltName= ::service ldap:: notBefore=Jun 23 05:05:27 2016 GMT notAfter=Jun 23 05:05:27 2017 GMT subject= /C=US/ST=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.company.co.id issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.company.co.id SubjectAltName= |
Jika sudah sesuai, restart service zimbra.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
[root@mail ~]# /etc/init.d/zimbra restart Host mail.company.co.id Stopping vmware-ha...skipped. /opt/zimbra/bin/zmhactl missing or not executable. Stopping zmconfigd...Done. Stopping stats...Done. Stopping mta...Done. Stopping spell...Done. Stopping snmp...Done. Stopping cbpolicyd...Done. Stopping archiving...Done. Stopping opendkim...Done. Stopping amavis...Done. Stopping antivirus...Done. Stopping antispam...Done. Stopping proxy...Done. Stopping memcached...Done. Stopping mailbox...Done. Stopping logger...Done. Stopping ldap...Done. Host mail.company.co.id Starting ldap...Done. Starting zmconfigd...Done. Starting logger...Done. Starting mailbox...Done. Starting amavis...Done. Starting antispam...Done. Starting antivirus...Done. Starting opendkim...Done. Starting snmp...Done. Starting spell...Done. Starting mta...Done. Starting stats...Done. |
Bagi Kamu Yang Ingin Mendapatkan Penawaran Incident Support atau Local Support Untuk Perusahaan/Institusi Kamu Saat Ini. Silahkan klik dibawah ini dan tuliskan pesan di layanan chat yang tersedia