Web and Technology · May 23, 2018

Backing up and migrating SSL certificates on Zimbra 8.7.x

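Zimbra disables the plaintext ports by default and exposes only the encrypted ones, so installing an internationally recognized third-party SSL certificate for Zimbra is well worth doing. Recently I had to replace a Zimbra server, and after a fresh Zimbra install on the new server the question was how to move the SSL certificate over from the old one. The method is recorded below for future reference.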

On the old server

Create the /sslbk directory

# mkdir /sslbk

Copy everything under /opt/zimbra/ssl to /sslbk

# \cp -ar /opt/zimbra/ssl/* /sslbk/

Compress the /sslbk directory into /sslbk.zip

# zip -r /sslbk.zip /sslbk/

Use scp to transfer /sslbk.zip to the root directory of the new server

# scp -P2222 /sslbk.zip [email protected]:/

On the new server

Stop the Zimbra services

# su zimbra
$ zmcontrol stop

Log in as root and rename the /opt/zimbra/ssl directory

# mv /opt/zimbra/ssl/ /opt/zimbra/ssl.bak

Unzip /sslbk.zip, which was just transferred from the old server

# unzip /sslbk.zip -d /

Copy the extracted /sslbk into /opt/zimbra/, rename it to ssl, and change its owner and group to zimbra

# \cp -ar /sslbk /opt/zimbra/
# mv /opt/zimbra/sslbk/ /opt/zimbra/ssl
# chown zimbra:zimbra /opt/zimbra/ssl -R

Switch to the zimbra account and change into the /opt/zimbra/bin directory

# su zimbra
$ cd /opt/zimbra/bin/

Run the following command

$ ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt /sslbk/zimbra/commercial/commercial_ca.crt

When the command finishes, the following output indicates that the SSL certificate was migrated successfully

** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/dd182a49.0
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink 'dd182a49.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '157753a5.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink 'd6325660.0' -> 'commercial_ca_2.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt
** Creating CA hash symlink '8d28ae65.0' -> 'commercial_ca_3.crt'

Start the Zimbra services so that the SSL certificate takes effect

$ zmcontrol start
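
The copies made during this procedure (/sslbk and /sslbk.zip, on both servers) carry private keys along with the certificates; the deploy output above shows ca.key under ssl/zimbra/ca. As an added example that is not part of the original post, the script below lists private keys in the restored tree that have the wrong owner or are world-readable, and any key material still sitting in the staging paths. The function names and output labels are made up for this example, and treating leftover staging copies as a finding is this example's assumption.

```shell
#!/bin/sh
# Added example, not part of the original post. Function names and output
# labels are hypothetical; paths and the owner are passed as arguments.

KEY_RE='-----BEGIN .*PRIVATE KEY-----'   # PEM private-key header

# List PEM private keys under $1 that also satisfy the find(1) tests in "$@".
keys_matching() {
    dir=$1; shift
    [ -e "$dir" ] || return 0            # missing path: nothing to report
    find "$dir" -type f "$@" -exec grep -ls -e "$KEY_RE" {} +
}

# audit_ssl_migration LIVE_DIR OWNER [STAGING_PATH...]
# Prints one finding per line:
#   OWNER    <file>  key in the live tree not owned by OWNER (name or uid)
#   WORLD    <file>  key in the live tree readable by "other"
#   LEFTOVER <file>  key, or zip archive, still present in a staging path
audit_ssl_migration() {
    live=$1; owner=$2; shift 2
    keys_matching "$live" ! -user "$owner" | sed 's/^/OWNER /'
    keys_matching "$live" -perm -004       | sed 's/^/WORLD /'
    for path in "$@"; do
        case $path in
            # A zip archive is reported by name; its contents are not inspected.
            *.zip) [ -f "$path" ] && echo "LEFTOVER $path"; continue ;;
        esac
        keys_matching "$path" | sed 's/^/LEFTOVER /'
    done
    return 0
}

# Run as root on the new server after "zmcontrol start", for example:
#   sh audit.sh /opt/zimbra/ssl zimbra /sslbk /sslbk.zip
if [ $# -ge 2 ]; then
    audit_ssl_migration "$@"
fi
```

No output means nothing was flagged. Findings are detected from file content (the PEM header), so a key that has been renamed is still reported.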