Links
https://www.ssls.com/knowledgebase/how-to-install-an-ssl-certificate-on-zimbra/
https://bakiyak.wordpress.com/2019/07/16/zimbra-unable-to-start-tls-ssl-connect-attempt-failed/
https://forums.zimbra.org/viewtopic.php?t=65875
https://www.ssls.com/user/orders/view/91366352
https://wiki.zimbra.com/wiki/CLI_zmlocalconfig_(Local_Configuration)
#view config values
zmlocalconfig -d ldap_starttls_supported
zmlocalconfig -d ldap_starttls_required
……………..
scp -i /home/ashain/remote/passaccounting/keys/pass_accounting_servers.pem commercial.key ubuntu@3.111.148.21:/home/ubuntu/2022/
scp -i /home/ashain/remote/passaccounting/keys/pass_accounting_servers.pem mail_passaccounting_lk.crt ubuntu@3.111.148.21:/home/ubuntu/2022/
scp -i /home/ashain/remote/passaccounting/keys/pass_accounting_servers.pem mail_passaccounting_lk.ca-bundle ubuntu@3.111.148.21:/home/ubuntu
ssh ubuntu@3.111.148.21 -i /home/ashain/remote/passaccounting/keys/pass_accounting_servers.pem
chmod 400 /home/ashain/remote/passaccounting/keys/pass_accounting_servers.pem
ssh ubuntu@3.111.148.21 -i /home/ashain/remote/passaccounting/keys/pass_accounting_servers.pem
/opt/zimbra/ssl/zimbra/commercial
commercial.key commercial.crt commercial_ca.crt
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
#to edit
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zimbra@mail:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
Command Output Log………………
** Verifying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’ against ‘/opt/zimbra/ssl/zimbra/commercial/commercial.key’
Certificate ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’ and private key ‘/opt/zimbra/ssl/zimbra/commercial/commercial.key’ match.
** Verifying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’ against ‘/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt’
Valid certificate chain: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
zimbra@mail:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
** Fixing newlines in ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’
** Fixing newlines in ‘/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt’
** Verifying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’ against ‘/opt/zimbra/ssl/zimbra/commercial/commercial.key’
Certificate ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’ and private key ‘/opt/zimbra/ssl/zimbra/commercial/commercial.key’ match.
** Verifying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’ against ‘/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt’
Valid certificate chain: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
** Appending ca chain ‘/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt’ to ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’
** Importing cert ‘/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt’ as ‘zcs-user-commercial_ca’ into cacerts ‘/opt/zimbra/common/lib/jvm/java/lib/security/cacerts’
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key ‘zimbraSSLCertificate’ via zmprov modifyServer mail.passaccounting.lk…ok
** Saving config key ‘zimbraSSLPrivateKey’ via zmprov modifyServer mail.passaccounting.lk…ok
** Installing imapd certificate ‘/opt/zimbra/conf/imapd.crt’ and key ‘/opt/zimbra/conf/imapd.key’
** Copying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’ to ‘/opt/zimbra/conf/imapd.crt’
** Copying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.key’ to ‘/opt/zimbra/conf/imapd.key’
** Creating file ‘/opt/zimbra/ssl/zimbra/jetty.pkcs12’
** Creating keystore ‘/opt/zimbra/conf/imapd.keystore’
** Installing ldap certificate ‘/opt/zimbra/conf/slapd.crt’ and key ‘/opt/zimbra/conf/slapd.key’
** Copying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’ to ‘/opt/zimbra/conf/slapd.crt’
** Copying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.key’ to ‘/opt/zimbra/conf/slapd.key’
** Creating file ‘/opt/zimbra/ssl/zimbra/jetty.pkcs12’
** Creating keystore ‘/opt/zimbra/mailboxd/etc/keystore’
** Installing mta certificate ‘/opt/zimbra/conf/smtpd.crt’ and key ‘/opt/zimbra/conf/smtpd.key’
** Copying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’ to ‘/opt/zimbra/conf/smtpd.crt’
** Copying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.key’ to ‘/opt/zimbra/conf/smtpd.key’
** Installing proxy certificate ‘/opt/zimbra/conf/nginx.crt’ and key ‘/opt/zimbra/conf/nginx.key’
** Copying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.crt’ to ‘/opt/zimbra/conf/nginx.crt’
** Copying ‘/opt/zimbra/ssl/zimbra/commercial/commercial.key’ to ‘/opt/zimbra/conf/nginx.key’
** NOTE: restart services to use the new certificates.
** Cleaning up 9 files from ‘/opt/zimbra/conf/ca’
** Removing /opt/zimbra/conf/ca/ee64a828.0
** Removing /opt/zimbra/conf/ca/39fc7cf3.0
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/commercial_ca_2.crt
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/commercial_ca_3.crt
** Removing /opt/zimbra/conf/ca/fc5a8f99.0
** Removing /opt/zimbra/conf/ca/commercial_ca_1.crt
** Removing /opt/zimbra/conf/ca/65ff7287.0
** Copying CA to /opt/zimbra/conf/ca
** Copying ‘/opt/zimbra/ssl/zimbra/ca/ca.key’ to ‘/opt/zimbra/conf/ca/ca.key’
** Copying ‘/opt/zimbra/ssl/zimbra/ca/ca.pem’ to ‘/opt/zimbra/conf/ca/ca.pem’
** Creating CA hash symlink ’39fc7cf3.0′ -> ‘ca.pem’
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink ’65ff7287.0′ -> ‘commercial_ca_1.crt’
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink ‘fc5a8f99.0’ -> ‘commercial_ca_2.crt’
** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt
** Creating CA hash symlink ‘ee64a828.0’ -> ‘commercial_ca_3.crt’
Log End ………………………………………….
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmcontrol start
cd /opt/zimbra/ssl/zimbra/commercial
ls
mkdir 2022
ls
cd 2022/
cd /opt/zimbra/ssl/zimbra/commercial
ls /home/
mkdir /home/ubuntu/2022
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/2022/mail_passaccounting_lk.crt /opt/zimbra/ssl/zimbra/commercial/2022/mail_passaccounting_lk.ca-bundle
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/2022/commercial.key /opt/zimbra/ssl/zimbra/commercial/2022/mail_passaccounting_lk.crt /opt/zimbra/ssl/zimbra/commercial/2022/mail_passaccounting_lk.ca-bundle
