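Because Zimbra disables the plaintext ports by default and only opens the encrypted ones, it is well worth applying for and installing a third-party international SSL certificate for Zimbra. Recently, however, I had to replace a Zimbra server: after a fresh installation of Zimbra on the new server, the question was how to move the SSL certificate from the old server to the new one. The method is recorded below for future reference.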
On the old server
Create the /sslbk directory
# mkdir /sslbk
Copy everything under /opt/zimbra/ssl to /sslbk
# \cp -ar /opt/zimbra/ssl/* /sslbk/
Compress the /sslbk directory into /sslbk.zip
# zip -r /sslbk.zip /sslbk/
Use scp to transfer /sslbk.zip to the root directory of the new server
# scp -P2222 /sslbk.zip [email protected]:/
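On the new server
Stop the Zimbra services
# su zimbra
$ zmcontrol stop
Log in as root and rename the /opt/zimbra/ssl directory
# mv /opt/zimbra/ssl/ /opt/zimbra/ssl.bak
Unzip the /sslbk.zip that was just transferred from the old server (run this from /, so that the archive extracts to /sslbk as the following steps expect)
# unzip /sslbk.zip
Copy the extracted /sslbk to /opt/zimbra/, rename it to ssl, and change the owner and group of ssl to zimbra
# \cp -ar /sslbk /opt/zimbra/
# mv /opt/zimbra/sslbk/ /opt/zimbra/ssl
# chown zimbra:zimbra /opt/zimbra/ssl -R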
Switch to the zimbra account and change to the /opt/zimbra/bin directory
# su zimbra
$ cd /opt/zimbra/bin/
Run the following command
$ ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt /sslbk/zimbra/commercial/commercial_ca.crt
When it finishes, output like the following indicates that the SSL certificate was transferred successfully
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/dd182a49.0
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink 'dd182a49.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '157753a5.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink 'd6325660.0' -> 'commercial_ca_2.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt
** Creating CA hash symlink '8d28ae65.0' -> 'commercial_ca_3.crt'
Start the Zimbra services so that the SSL certificate takes effect
$ zmcontrol start
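
The procedure above moves the private keys through several copies (cp, zip, scp, unzip, cp), so it helps to confirm that the tree that ends up in /opt/zimbra/ssl on the new server is byte-identical to the one on the old server and that no key file became world-readable. The following is an added example, not part of the original post; the function names and the manifest path /sslbk.sha256 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# manifest path /sslbk.sha256 used in the comments are hypothetical.
#
# Old server:  write_manifest /opt/zimbra/ssl /sslbk.sha256
#              (transfer /sslbk.sha256 together with /sslbk.zip)
# New server:  verify_manifest /opt/zimbra/ssl /sslbk.sha256
#              world_readable_keys /opt/zimbra/ssl

# write_manifest DIR FILE
# Record a SHA-256 for every regular file under DIR, with paths relative
# to DIR so the manifest can be checked against a tree at another location.
# FILE should live outside DIR so it is not hashed into itself.
write_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# verify_manifest DIR FILE
# Return 0 only if every file listed in FILE exists under DIR with the
# recorded hash. Lines for files that fail the check go to stderr.
verify_manifest() {
    # The manifest is opened before the cd, so FILE may be a relative path.
    report=$( { cd "$1" && sha256sum -c; } < "$2" 2>&1 )
    status=$?
    printf '%s\n' "$report" | grep -v ': OK$' >&2 || true
    return "$status"
}

# world_readable_keys DIR
# Print every *.key file under DIR that users outside the owner and group
# can read. Empty output means no private key is world-readable.
world_readable_keys() {
    find "$1" -type f -name '*.key' -perm -004
}
```

Once both checks pass on the new server, the intermediate copies (/sslbk and /sslbk.zip on both machines) still hold the private keys and can be removed.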