Company mail server: setting up an SSL certificate for Zimbra (CentOS 7)

Company: setting up an SSL certificate for Zimbra

certbot --version

Open port 80 before running; check for port conflicts.

Stop nginx. Open ports 80 and 443 in the firewall.

cd /root

certbot certonly --standalone -d mail.ycit.co.kr

cd /root

git clone https://github.com/letsencrypt/letsencrypt

cd  letsencrypt

certbot certonly --standalone -d mail.ycit.co.kr

Select u, select renewal.

su zimbra

zmproxyctl stop

To set up Let's Encrypt SSL certificates, use:

First stop web and mailbox services as *zimbra user*:
zmproxyctl stop

zmmailboxdctl stop
Download the letsencrypt GitHub package as *root user*:
yum -y install git epel-release

git clone https://github.com/letsencrypt/letsencrypt

cd letsencrypt
Get letsencrypt certificates for domain using:
./certbot-auto certonly --standalone -d mail.ycit.co.kr
On various prompts use:
Emergency email - mc_05@eycit.co.kr
Agree/Cancel - A
Yes/No - Y
The important file locations are:
/etc/letsencrypt/live/mail.ycit.co.kr/fullchain.pem
/etc/letsencrypt/live/mail.ycit.co.kr/privkey.pem
Download root and intermediate certificates from https://letsencrypt.org/certificates/. Example:

cd /etc/letsencrypt/live/mail.ycit.co.kr/

wget https://letsencrypt.org/certs/isrgrootx1.pem.txt

wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
To give zimbra access to the certificates, copy them to a sub-folder inside /opt/zimbra *as root*:
cd /etc/letsencrypt/live/mail.ycit.co.kr/

cat isrgrootx1.pem.txt letsencryptauthorityx3.pem.txt chain.pem > combined.pem

mkdir /opt/zimbra/ssl/letsencrypt

cp /etc/letsencrypt/live/mail.ycit.co.kr/* /opt/zimbra/ssl/letsencrypt/

chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*

ls -la /opt/zimbra/ssl/letsencrypt/
Install certificates *as zimbra* user:
cd /opt/zimbra/ssl/letsencrypt/

/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem combined.pem


#If above validation succeeds

cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key

/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem combined.pem


zmcontrol restart
Recently the above validations have started to fail with error: (Fix submitted by Dmitry Gusakov)
[zimbra@mail letsencrypt]$ /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem combined.pem

** Verifying 'cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'

Certificate 'cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.

** Verifying 'cert.pem' against 'combined.pem'

ERROR: Unable to validate certificate chain: cert.pem: CN = mail.zimbra.sbarjatiya.com

error 20 at 0 depth lookup:unable to get local issuer certificate
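
An added example (not part of the original post or of Zimbra's tooling): a pre-flight check to run in /opt/zimbra/ssl/letsencrypt/ before deploycrt. It uses plain openssl to confirm that privkey.pem matches cert.pem and that cert.pem verifies against combined.pem, and on failure prints the issuer the certificate needs next to what the bundle actually contains. The function name check_zimbra_cert and its return codes are assumptions made for this example.

```bash
#!/bin/bash
# Added example: pre-flight check before "zmcertmgr deploycrt".
# Usage: check_zimbra_cert privkey.pem cert.pem combined.pem
# Returns 0 = safe to deploy, 1 = key/cert mismatch,
#         2 = chain does not verify, 3 = a file is missing or unreadable.
check_zimbra_cert() {
    local key="$1" cert="$2" chain="$3" f cert_pub key_pub out

    for f in "$key" "$cert" "$chain"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 3; }
    done

    # 1. The public key in the certificate must equal the one derived
    #    from the private key (both printed as SubjectPublicKeyInfo PEM).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2
        return 1
    fi

    # 2. The leaf must chain to a trusted certificate. "error 20 at 0 depth"
    #    means the issuer of the leaf (depth 0) was not found among them.
    if ! out=$(openssl verify -CAfile "$chain" "$cert" 2>&1); then
        echo "FAIL: $cert does not verify against $chain" >&2
        echo "$out" >&2
        echo "Issuer required by $cert:" >&2
        openssl x509 -in "$cert" -noout -issuer >&2
        echo "Subjects and issuers present in $chain:" >&2
        openssl crl2pkcs7 -nocrl -certfile "$chain" |
            openssl pkcs7 -print_certs -noout >&2
        return 2
    fi

    echo "OK: key matches and chain verifies"
    return 0
}
```

If the issuer line does not appear as a subject in the bundle listing, the bundle is missing that certificate and deploycrt will fail the same way.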
