  • Setting up a Zimbra mail server on a cloud server and configuring certificates

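    If you build the mail server on a cloud server, regulations require you to apply to have port 25 opened. Alibaba Cloud enforces this very strictly, so I built mine on a server in my own IDC data center instead. If you use a China Telecom line, you also need to apply to have port 25 opened.

    1. Disable the firewall

    2. Disable SELinux

    3. Internal IP: 192.168.2.222; public IP: 221.12.155.245

    Start the installation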

    yum -y update

    Install the packages and libraries Zimbra needs

    yum -y install perl perl-core nmap sudo libidn gmp libaio libstdc++ unzip sysstat sqlite nc

    Stop and disable the MTA service that is already installed

    systemctl stop postfix.service
    systemctl disable postfix.service

    Install BIND

    yum -y install bind bind-utils

    Change the hostname

     Edit /etc/hosts

     Edit /etc/resolv.conf

    chown -R named:named /var/named/

    Edit /etc/named.conf

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    
    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory     "/var/named";
        dump-file     "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
    
        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;
    
        dnssec-enable yes;
        dnssec-validation yes;
    
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
    
        managed-keys-directory "/var/named/dynamic";
    
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
    };
    
    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };
    
    zone "." IN {
        type hint;
        file "named.ca";
    };
    
    zone "zimbra.com" IN {
        type master;
        file "zimbra.com.zone";
    };
    
    zone "2.168.192.in-addr.arpa" IN {
            type master;
            file "192.168.2.arpa";
    };
    
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

     

    Create the forward DNS zone file

    $TTL 86400
    @       IN      SOA    mail    mail.zimbra.com. (
                                   0          ; Serial
                                   43200      ; Refresh
                                   3600       ; Retry
                                   3600000    ; Expire
                                   2592000 )  ; Minimum
     
    
     
                   IN      NS      ns.zimbra.com.
                   IN      A       192.168.2.222
                   IN      MX 10       mail.zimbra.com.
    
    
    mail            IN      A       192.168.2.222
    ns              IN      A       192.168.2.222

    Create the reverse DNS zone file

    $TTL 1D
    @  IN SOA  zimbra.com.   mail.zimbra.com. (
                                            0       ; serial
                                            1D      ; refresh
                                            1H      ; retry
                                            1W      ; expire
                                            3H )    ; minimum
    2.168.192.in-addr.arpa.          IN     NS       ns.zimbra.com.
    222                              IN     PTR     ns.zimbra.com.
    222                              IN     PTR     mail.zimbra.com.

    Test DNS resolution

    dig zimbra.com MX

    dig -x 192.168.2.222

    Start named.service

    systemctl start named.service
    systemctl enable named.service
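
    The named.conf above listens on every IPv4 interface with `allow-query { any; }` and `recursion yes`, the combination its own comment block warns about, on a host that also has a public IP. The script below is an added example, not part of the original post: it classifies a named.conf as open or restricted for recursion. The function names, the sample files and the 192.168.2.0/24 LAN range are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Classifies who may recurse through
# named, using BIND's fallback order: allow-recursion, then allow-query-cache,
# then allow-query, then the built-in default "localnets; localhost".

# Print a config file with //, # and /* */ comments removed, so that words in
# comments (the stock comment block mentions recursion) are never matched.
strip_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (inblk) {
                i = index(line, "*/")
                if (!i) break
                line = substr(line, i + 2); inblk = 0; continue
            }
            b = index(line, "/*"); c = index(line, "//"); h = index(line, "#")
            if (h && (!c || h < c)) c = h
            if (c && (!b || c < b)) { out = out substr(line, 1, c - 1); break }
            if (!b) { out = out line; break }
            out = out substr(line, 1, b - 1); line = substr(line, b + 2); inblk = 1
        }
        print out
    }' "$1"
}

# acl_of <option> <flattened-conf>: print the address list of the first
# occurrence of <option> (the options block in the stock file layout).
acl_of() {
    printf ' %s\n' "$2" | awk -v opt="$1" '{
        if (match($0, "[^-a-z]" opt "[ \t]*[{][^}]*[}]")) {
            s = substr($0, RSTART, RLENGTH)
            sub(/^[^{]*[{]/, "", s); sub(/[}]$/, "", s); print s
        }
    }'
}

# recursion_scope <named.conf>: print none, open or restricted.
recursion_scope() {
    local conf acl opt
    conf=$(strip_comments "$1" | tr '\n' ' ')
    if printf ' %s' "$conf" | grep -Eq '[^-a-z]recursion[[:space:]]+no[[:space:]]*;'; then
        echo none; return 0
    fi
    for opt in allow-recursion allow-query-cache allow-query; do
        acl=$(acl_of "$opt" "$conf")
        [ -n "$acl" ] || continue
        if printf ' %s' "$acl" | grep -Eq '[[:space:];]any[[:space:]]*;'; then
            echo open
        else
            echo restricted
        fi
        return 0
    done
    echo restricted   # nothing set: recursion is limited to localnets; localhost
}

# Constructed samples: the relevant options from the post, then the same block
# with recursion limited to the host and its LAN (192.168.2.0/24 is assumed).
write_samples() {
    cat > "$1/page.conf" <<'EOF'
options {
    listen-on port 53 { any; };
    allow-query     { any; };
    /* recursion no; would suit an authoritative-only server */
    recursion yes;
};
EOF
    cat > "$1/hardened.conf" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.168.2.222; };
    allow-query     { any; };   // authoritative answers only
    allow-recursion { localhost; 192.168.2.0/24; };
    recursion yes;
};
EOF
}

tmp=$(mktemp -d); write_samples "$tmp"
echo "page.conf:     $(recursion_scope "$tmp/page.conf")"
echo "hardened.conf: $(recursion_scope "$tmp/hardened.conf")"
rm -rf "$tmp"
```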

    Download the Zimbra installation package and upload it to the /opt directory; I used version zcs-8.6.0

     Download page:  http://www.zimbra.com/downloads/os-downloads.html

    Extract and install Zimbra

    cd /opt
    tar zxvf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
    cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110
    ./install.sh --platform-override

    The output looks like this:

    Operations logged to /tmp/install.log.31333
    Checking for existing installation...
        zimbra-ldap...NOT FOUND
        zimbra-logger...NOT FOUND
        zimbra-mta...NOT FOUND
        zimbra-dnscache...NOT FOUND
        zimbra-snmp...NOT FOUND
        zimbra-store...NOT FOUND
        zimbra-apache...NOT FOUND
        zimbra-spell...NOT FOUND
        zimbra-convertd...NOT FOUND
        zimbra-memcached...NOT FOUND
        zimbra-proxy...NOT FOUND
        zimbra-archiving...NOT FOUND
        zimbra-core...NOT FOUND
    
    
    PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
    ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
    FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
    THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
    THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
    AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
    
    License Terms for the Zimbra Collaboration Suite:
      http://www.zimbra.com/license/zimbra-public-eula-2-5.html

    # Enter y to accept the license and continue the installation

    Do you agree with the terms of the software license agreement? [N] y

     

     

     

    Checking for prerequisites...

         FOUND: NPTL

         FOUND: nmap-ncat-6.40-7

         FOUND: sudo-1.8.6p7-16

         FOUND: libidn-1.28-4

         FOUND: gmp-6.0.0-12

         FOUND: libaio-0.3.109-13

         FOUND: libstdc++-4.8.5-4

         FOUND: unzip-6.0-15

         FOUND: perl-core-5.16.3-286

     

    Checking for suggested prerequisites...

         FOUND: perl-5.16.3

         FOUND: sysstat

         FOUND: sqlite

    Prerequisite check complete.

     

    Checking for installable packages

     

    Found zimbra-core

    Found zimbra-ldap

    Found zimbra-logger

    Found zimbra-mta

    Found zimbra-dnscache

    Found zimbra-snmp

    Found zimbra-store

    Found zimbra-apache

    Found zimbra-spell

    Found zimbra-memcached

    Found zimbra-proxy

     

     

    # Enter Y to install the components Zimbra needs

    Select the packages to install

     

    Install zimbra-ldap [Y]

     

    Install zimbra-logger [Y] Y

     

    Install zimbra-mta [Y] Y

     

    Install zimbra-dnscache [Y] Y

     

    Install zimbra-snmp [Y] Y

     

    Install zimbra-store [Y] Y

     

    Install zimbra-apache [Y] Y

     

    Install zimbra-spell [Y] Y

     

    Install zimbra-memcached [Y] Y

     

    Install zimbra-proxy [Y] Y

    Checking required space for zimbra-core

    Checking space for zimbra-store

    Checking required packages for zimbra-store

    zimbra-store package check complete.

     

    Installing:

        zimbra-core

        zimbra-ldap

        zimbra-logger

        zimbra-mta

        zimbra-dnscache

        zimbra-snmp

        zimbra-store

        zimbra-apache

        zimbra-spell

        zimbra-memcached

        zimbra-proxy

     

    # Enter Y to confirm that the system will be modified

    The system will be modified.  Continue? [N] Y

     

    Removing /opt/zimbra

    Removing zimbra crontab entry...done.

    Cleaning up zimbra init scripts...done.

    Cleaning up /etc/ld.so.conf...done.

    Cleaning up /etc/security/limits.conf...done.

     

    Finished removing Zimbra Collaboration Server.

     

    Installing packages

     

        zimbra-core......zimbra-core-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

        zimbra-ldap......zimbra-ldap-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

        zimbra-logger......zimbra-logger-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

        zimbra-mta......zimbra-mta-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

        zimbra-dnscache......zimbra-dnscache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

        zimbra-snmp......zimbra-snmp-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

        zimbra-store......zimbra-store-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

        zimbra-apache......zimbra-apache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

        zimbra-spell......zimbra-spell-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

        zimbra-memcached......zimbra-memcached-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

        zimbra-proxy......zimbra-proxy-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

    Operations logged to /tmp/zmsetup02252016-105150.log

    Installing LDAP configuration database...done.

    Setting defaults... MX: smtp.asia.secureserver.net (182.50.144.66)

        MX: mailstore1.asia.secureserver.net (182.50.144.67)

     

        Interface: 127.0.0.1

        Interface: ::1

        Interface: 10.1.0.100

            182.50.144.66

            182.50.144.66

            182.50.144.66

            182.50.144.67

            182.50.144.67

            182.50.144.67

    DNS ERROR resolving MX for mail.zimbra.com

    It is suggested that the domain name have an MX record configured in DNS

    Change domain name? [Yes]

    Create domain: [mail.zimbra.com] zimbra.com

             MX: mail.zimbra.com (192.168.1.109)

     

             Interface: 127.0.0.1

             Interface: ::1

             Interface: 192.168.1.109

    done.

    Checking for port conflicts

    Main menu

     

       1) Common Configuration:                                                 

       2) zimbra-ldap:                             Enabled                      

       3) zimbra-logger:                           Enabled                      

       4) zimbra-mta:                              Enabled                      

       5) zimbra-dnscache:                         Enabled                      

       6) zimbra-snmp:                             Enabled                      

       7) zimbra-store:                            Enabled                      

            +Create Admin User:                    yes                          

            +Admin user to create:                 admin@hongxue.com            

    ******* +Admin Password                        UNSET                        

            +Anti-virus quarantine user:           virus-quarantine.92q5ww2xk@hongxue.com

            +Enable automated spam training:       yes                          

            +Spam training user:                   spam.4jzqlif9fd@hongxue.com  

            +Non-spam(Ham) training user:          ham.bhxkaz_w@hongxue.com     

            +SMTP host:                            hongxue.com                  

            +Web server HTTP port:                 8080                         

            +Web server HTTPS port:                8443                         

            +Web server mode:                      https                        

            +IMAP server port:                     7143                          

            +IMAP server SSL port:                 7993                         

            +POP server port:                      7110                         

            +POP server SSL port:                  7995                         

            +Use spell check server:               yes                          

            +Spell server URL:                     http://hongxue.com:7780/aspell.php

            +Enable version update checks:         TRUE                         

            +Enable version update notifications:  TRUE                         

            +Version update notification email:    admin@hongxue.com            

            +Version update source email:          admin@hongxue.com            

            +Install mailstore (service webapp):   yes                          

            +Install UI (zimbra,zimbraAdmin webapps): yes                          

     

       8) zimbra-spell:                            Enabled                      

       9) zimbra-proxy:                            Enabled                      

      10) Default Class of Service Configuration:                               

       s) Save config to file                                                   

       x) Expand menu                                                            

       q) Quit                                   

     

     

    # Here we first select 7

    Address unconfigured (**) items  (? - help) 7

     

     

    Store configuration

     

       1) Status:                                  Enabled                      

       2) Create Admin User:                       yes                          

       3) Admin user to create:                    admin@hongxue.com            

    ** 4) Admin Password                           UNSET                        

       5) Anti-virus quarantine user:              virus-quarantine.92q5ww2xk@hongxue.com

       6) Enable automated spam training:          yes                          

       7) Spam training user:                      spam.4jzqlif9fd@hongxue.com  

       8) Non-spam(Ham) training user:             ham.bhxkaz_w@hongxue.com     

       9) SMTP host:                               hongxue.com                  

      10) Web server HTTP port:                    8080                         

      11) Web server HTTPS port:                   8443                          

      12) Web server mode:                         https                        

      13) IMAP server port:                        7143                         

      14) IMAP server SSL port:                    7993                         

      15) POP server port:                         7110                         

      16) POP server SSL port:                     7995                         

      17) Use spell check server:                  yes                          

      18) Spell server URL:                        http://hongxue.com:7780/aspell.php

      19) Enable version update checks:            TRUE                         

      20) Enable version update notifications:     TRUE                         

      21) Version update notification email:       admin@hongxue.com            

      22) Version update source email:             admin@hongxue.com            

      23) Install mailstore (service webapp):      yes                          

      24) Install UI (zimbra,zimbraAdmin webapps): yes                           

     

     

    # Then select 4 to set the admin password

    Select, or 'r' for previous menu [r] 4

     

    Password for admin@hongxue.com (min 6 characters): [1ewBUZwGo] hongxuepassword

     

    Store configuration

     

       1) Status:                                  Enabled                      

       2) Create Admin User:                       yes                          

       3) Admin user to create:                    admin@hongxue.com            

       4) Admin Password                           set                          

       5) Anti-virus quarantine user:              virus-quarantine.92q5ww2xk@hongxue.com

       6) Enable automated spam training:          yes                          

       7) Spam training user:                      spam.4jzqlif9fd@hongxue.com  

       8) Non-spam(Ham) training user:             ham.bhxkaz_w@hongxue.com     

       9) SMTP host:                               hongxue.com                  

      10) Web server HTTP port:                    8080                         

      11) Web server HTTPS port:                   8443                         

      12) Web server mode:                         https                        

      13) IMAP server port:                        7143                         

      14) IMAP server SSL port:                    7993                          

      15) POP server port:                         7110                         

      16) POP server SSL port:                     7995                         

      17) Use spell check server:                  yes                          

      18) Spell server URL:                        http://hongxue.com:7780/aspell.php

      19) Enable version update checks:            TRUE                         

      20) Enable version update notifications:     TRUE                         

      21) Version update notification email:       admin@hongxue.com            

      22) Version update source email:             admin@hongxue.com            

      23) Install mailstore (service webapp):      yes                          

      24) Install UI (zimbra,zimbraAdmin webapps): yes                           

     

     

    # Press r to return to the previous menu

    Select, or 'r' for previous menu [r] r

     

    Main menu

     

       1) Common Configuration:                                                 

       2) zimbra-ldap:                             Enabled                      

       3) zimbra-logger:                           Enabled                      

       4) zimbra-mta:                              Enabled                      

       5) zimbra-dnscache:                         Enabled                      

       6) zimbra-snmp:                             Enabled                      

       7) zimbra-store:                            Enabled                      

       8) zimbra-spell:                            Enabled                      

       9) zimbra-proxy:                            Enabled                       

      10) Default Class of Service Configuration:                               

       s) Save config to file                                                   

       x) Expand menu                                                           

       q) Quit                                   

     

     

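    # Now press a to finish the configuration and answer yes to the prompts that follow. After that Zimbra runs a series of configuration steps automatically.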

     

    *** CONFIGURATION COMPLETE - press 'a' to apply

    Select from menu, or press 'a' to apply config (? - help) a

    Save configuration data to a file? [Yes] yes

    Save config in file: [/opt/zimbra/config.41215]

    Saving config in /opt/zimbra/config.41215...done.

    The system will be modified - continue? [No] yes

    Operations logged to /tmp/zmsetup02252016-105150.log

    Setting local config values...done.

    Initializing core config...Setting up CA...done.

    Deploying CA to /opt/zimbra/conf/ca ...done.

    Creating SSL zimbra-store certificate...done.

    Creating new zimbra-ldap SSL certificate...done.

    Creating new zimbra-mta SSL certificate...done.

    Creating new zimbra-proxy SSL certificate...done.

    Installing mailboxd SSL certificates...done.

    Installing MTA SSL certificates...done.

    Installing LDAP SSL certificate...done.

    Installing Proxy SSL certificate...done.

    Initializing ldap...done.

    Setting replication password...done.

    Setting Postfix password...done.

    Setting amavis password...done.

    Setting nginx password...done.

    Setting BES searcher  password...done.

    Creating server entry for hongxue.com...done.

    Setting Zimbra IP Mode...done.

    Saving CA in ldap ...done.

    Saving SSL Certificate in ldap ...done.

    Setting spell check URL...done.

    Setting service ports on hongxue.com...done.

    Setting zimbraFeatureTasksEnabled=TRUE...done.

    Setting zimbraFeatureBriefcasesEnabled=TRUE...done.

    Setting Master DNS IP address(es)...done.

    Setting DNS cache tcp lookup preference...done.

    Setting DNS cache udp lookup preference...done.

    Setting DNS tcp upstream preference...done.

    Setting TimeZone Preference...done.

    Initializing mta config...done.

    Setting services on hongxue.com...done.

    Adding hongxue.com to zimbraMailHostPool in default COS...done.

    Creating domain hongxue.com...done.

    Setting default domain name...done.

    Creating domain hongxue.com...already exists.

    Creating admin account admin@hongxue.com...done.

    Creating root alias...done.

    Creating postmaster alias...done.

    Creating user spam.4jzqlif9fd@hongxue.com...done.

    Creating user ham.bhxkaz_w@hongxue.com...done.

    Creating user virus-quarantine.92q5ww2xk@hongxue.com...done.

    Setting spam training and Anti-virus quarantine accounts...done.

    Initializing store sql database...done.

    Setting zimbraSmtpHostname for hongxue.com...done.

    Configuring SNMP...done.

    Setting up syslog.conf...done.

    Starting servers...done.

    Installing common zimlets...

        com_zimbra_adminversioncheck...done.

        com_zimbra_attachcontacts...done.

        com_zimbra_attachmail...done.

        com_zimbra_bulkprovision...done.

        com_zimbra_cert_manager...done.

        com_zimbra_clientuploader...done.

        com_zimbra_date...done.

        com_zimbra_email...done.

        com_zimbra_mailarchive...done.

        com_zimbra_phone...done.

        com_zimbra_proxy_config...done.

        com_zimbra_srchhighlighter...done.

        com_zimbra_tooltip...done.

        com_zimbra_url...done.

        com_zimbra_viewmail...done.

        com_zimbra_webex...done.

        com_zimbra_ymemoticons...done.

    Finished installing common zimlets.

    Restarting mailboxd...done.

    Creating galsync account for default domain...done.

     

    You have the option of notifying Zimbra of your installation.

    This helps us to track the uptake of the Zimbra Collaboration Server.

    The only information that will be transmitted is:

        The VERSION of zcs installed (8.6.0_GA_1153_RHEL7_64)

        The ADMIN EMAIL ADDRESS created (admin@hongxue.com)

     

    # Skip notifying Zimbra

    Notify Zimbra of your installation? [Yes] no

    Notification skipped

    Setting up zimbra crontab...done.

     

     

    Moving /tmp/zmsetup02252016-105150.log to /opt/zimbra/log

     

     

    Configuration complete - press return to exit

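    7. The previous step completed the installation. Next, check the service status; the services are already running.

    8. Open the administration console

    https://192.168.2.222:7071/zimbraAdmin/
    https://192.168.2.222

    Create a regular user

    Log in to the user interface at https://192.168.2.222

    Send a test email

    Add the DNS records at the cloud DNS provider

    Log in using the domain name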

    https://mail.grabchatapp.com:7071/zimbraAdmin/
    https://mail.grabchatapp.com

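    Configuring the certificate:

    Script for installing a free Alibaba Cloud SSL certificate

    https://www.itgeeker.net/zimbra-8-x安装使用阿里云免费ssl证书脚本/

    First, download the SSL certificate you applied for from Alibaba Cloud, choosing the "other" server type. The archive contains two files; upload them to the target directory, here /opt/zimbra/ssl/aliyunssl/. The file names look like 18131-domain.key and .pem.

    Compared with Let's Encrypt and WoSign certificates, this one involves converting the Alibaba Cloud RSA key to PKCS#8 format. The two formats differ in their first and last lines. Zimbra cannot validate the RSA-format key.

    We can use openssl to convert the Alibaba Cloud private key to a format Zimbra accepts.

    openssl pkcs8 -topk8 -inform PEM -in 18131XXXXXXXXX.key -outform PEM -nocrypt -out privkey.pem

    The complete script: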

    #!/bin/bash
    # Note: create by itgeeker

    domain=mail.itgeeker.net

    # Stop the proxy and mailbox services before touching the certificate
    su - zimbra -c 'zmproxyctl stop'
    su - zimbra -c 'zmmailboxdctl stop'

    mkdir -p /opt/zimbra/ssl/aliyunssl/
    echo "up load aliyun ssl other to this folder first !!!!!!!"
    cd /opt/zimbra/ssl/aliyunssl/ || exit 1
    # Convert the RSA private key to unencrypted PKCS#8
    openssl pkcs8 -topk8 -inform PEM -in 18131XXXXXXXXX.key -outform PEM -nocrypt -out privkey.pem
    mv 1813131_mail.geekerconsulting.com.pem cert.pem
    chown zimbra:zimbra /opt/zimbra/ssl/aliyunssl/*

    # Verify the private key against the certificate
    su - zimbra -c 'cd /opt/zimbra/ssl/aliyunssl/ && /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem '

    echo "Backup Zimbra SSL directory"
    cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")

    echo "Copy the private key under Zimbra SSL path"
    cp /opt/zimbra/ssl/aliyunssl/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key

    echo "Final SSL deployment"
    # "&&" is required: without it the deploy command is passed to cd as an argument and never runs
    su - zimbra  -c 'cd /opt/zimbra/ssl/aliyunssl/ && /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem'

    echo "restart zimbra"
    su - zimbra -c 'zmcontrol restart'

    gist link:

    https://gist.github.com/alanljj/2f90ca543dc2f2e45319ac13c30bbf72

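    Command to check the deployed Zimbra SSL certificate:

    su - zimbra -c '/opt/zimbra/bin/zmcertmgr viewdeployedcrt'

    Update

    Although the method above reports no errors, it may fail to update the certificate: the check command still shows the old certificate. In that case the more involved procedure below is needed.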

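    Zimbra uses three certificate files, in the directory /opt/zimbra/ssl/zimbra/commercial/:

    1. commercial_ca.crt
    2. commercial.crt
    3. commercial.key

    How to build the Zimbra SSL certificate files:

    commercial_ca.crt – the second part of the certificate 1813131_domain.pem downloaded from Alibaba Cloud, that is, the second -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- block, in other words the intermediate certificate (mid-digicert-ca) + the root certificate (root-digicert-ca)

    There must be no blank line between the two.

    The root certificate for Alibaba Cloud's free SSL certificates is shared here; the root certificate differs between issuing authorities: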


    https://gist.github.com/alanljj/26b12b591173b3ba7c3c51edea09cad6

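    commercial.crt – the first part of 1813131_domain.pem, that is, the first -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- block.

    commercial.key – this is 1813131_domain.key; convert it first with the RSA-to-PKCS#8 conversion shown above, then rename it.

    Deployment

    Upload the three files to the /opt/zimbra/ssl/zimbra/commercial/ directory. Before uploading, check, check and check again that they are correct. If old files already exist, delete the three old files first (技术奇客 ran into a case where they had not been deleted, the generated files had the wrong format, and the SSL certificate could not be updated).

    Verify the certificate. Change to the /opt/zimbra/ssl/zimbra/commercial/ directory, then run as the zimbra user:

    /opt/zimbra/common/bin/openssl verify -CAfile commercial_ca.crt commercial.crt

    Deploy the certificate. Run as the zimbra user:

    /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt

    Restart the Zimbra services.

    su - zimbra -c 'zmcontrol restart'

    View the new certificate.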

    su - zimbra -c '/opt/zimbra/bin/zmcertmgr viewdeployedcrt'
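
    The manual file preparation described above (first certificate into commercial.crt, the remaining certificates plus the root into commercial_ca.crt with no blank lines, key in PKCS#8) as an added script, not part of the original post or the linked gist. The function names and sample file names are made up for the illustration, and the sample PEM bodies are placeholders rather than real certificates or keys.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Builds commercial.crt and
# commercial_ca.crt from a PEM bundle and checks the key's PEM format.

# split_bundle <bundle.pem> <root.pem> <outdir>
# First certificate -> commercial.crt; the remaining certificates, then the
# root -> commercial_ca.crt. Text outside the PEM blocks, blank lines and CRs
# are dropped, since no empty line may separate the certificates.
split_bundle() {
    : > "$3/commercial.crt"; : > "$3/commercial_ca.crt"
    awk -v leaf="$3/commercial.crt" -v ca="$3/commercial_ca.crt" '
        { sub(/\r$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ { n++; incert = 1 }
        incert && NF { print > (n == 1 ? leaf : ca) }
        /^-----END CERTIFICATE-----$/ { incert = 0 }
    ' "$1" "$2"
}

# count_certs <file>: number of certificates in the file (empty if unreadable)
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true; }

# key_format <key.pem>: print pkcs8, pkcs1-rsa, encrypted-pkcs8 or unknown,
# judged by the PEM header, which is where the formats visibly differ.
key_format() {
    case "$(grep -m1 -- '-----BEGIN ' "$1" 2>/dev/null | tr -d '\r')" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-rsa ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted-pkcs8 ;;
        *)                                       echo unknown ;;
    esac
}

# preflight <dir>: return 0 only if the three files look deployable.
preflight() {
    local d=$1 ok=0
    [ "$(count_certs "$d/commercial.crt")" = 1 ] ||
        { echo "commercial.crt must hold exactly one certificate"; ok=1; }
    [ "$(count_certs "$d/commercial_ca.crt")" -ge 1 ] 2>/dev/null ||
        { echo "commercial_ca.crt holds no CA certificate"; ok=1; }
    if grep -q '^[[:space:]]*$' "$d/commercial_ca.crt" 2>/dev/null; then
        echo "commercial_ca.crt contains an empty line"; ok=1
    fi
    [ "$(key_format "$d/commercial.key")" = pkcs8 ] ||
        { echo "commercial.key is not unencrypted PKCS#8; convert it with openssl pkcs8 -topk8 first"; ok=1; }
    return "$ok"
}

# Constructed stand-ins: the bodies are placeholders, so only the text
# handling is exercised. root.pem uses CRLF line endings on purpose.
write_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER-LEAF' \
        '-----END CERTIFICATE-----' '' '-----BEGIN CERTIFICATE-----' \
        'PLACEHOLDER-INTERMEDIATE' '-----END CERTIFICATE-----' > "$1/domain.pem"
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER-ROOT' \
        '-----END CERTIFICATE-----' > "$1/root.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER-KEY' \
        '-----END RSA PRIVATE KEY-----' > "$1/domain.key"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER-KEY' \
        '-----END PRIVATE KEY-----' > "$1/pkcs8.key"
}

work=$(mktemp -d); write_samples "$work"
split_bundle "$work/domain.pem" "$work/root.pem" "$work"
cp "$work/domain.key" "$work/commercial.key"      # key exactly as downloaded
preflight "$work" || echo "fix the findings above before running zmcertmgr deploycrt"
rm -rf "$work"
```

    With real files, follow a clean preflight with the `openssl verify -CAfile commercial_ca.crt commercial.crt` check from the steps above, since the script only inspects the PEM text.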

     

  • Original article: https://www.cnblogs.com/xiaoyou2018/p/11869326.html