HomeZimbraMove/Copy SSL Certificate from One Zimbra Server To Another

Move/Copy SSL Certificate from One Zimbra Server To Another

Software Effect Enterprises, Inc Posted on by
  • On the source server – 
    su -
cp -a /opt/zimbra/ssl /sslbk
tar -czf /sslbk.tgz /sslbk
  • Copy sslbk.tgz to the / directory on the server you want to copy the certificate to
  • On the destination server stop the zimbra service.
  • On the destination server 
    su -
mv /opt/zimbra/ssl /opt/zimbra/ssl_old
tar -xvzf /sslbk.tgz
cp -a /sskbk /opt/zimbra/ssl
chown -R zimbra.zimbra /opt/zimbra/ssl
  • Deploy the cert using the following commands 
    su zimbra
~/bin/zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt /sslbk/zimbra/commercial/commercial_ca.crt
exit
service zimbra restart

Common error messages

If you see this message, then make sure to unzip the file sslbk.zip and replace /opt/zimbra/ssl with sslbk files.

[root@zim-lab-06 bin]# ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt
** Verifying /sslbk/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (/sslbk/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
XXXXX ERROR: provided cert isn't valid

If you see a list of services that did not start post re-install of the SSL certificate, then restart the Zimbra service and may have to clear the PID number from the .pid files to force a refresh of zimbra process tracking. /opt/zimbra/log

http://wiki.zimbra.com/wiki/Installing_Certificates_from_the_Master_LDAP_to_a_LDAP_Replica

http://wiki.zimbra.com/index.php?title=Transfer_SSL_certificates_between_servers

Comments are closed.