利发国际lifa222 » 邮件技术 » Zimbra8.7.x备份和转移SSL证书

Zimbra8.7.x备份和转移SSL证书

 
因为Zimbra默认关闭了明文的端口,只开放了加密端口;所以给Zimbra申请安装第三方国际SSL证书就很有必要;但最近遇到更换Zimbra服务器,在新服务器上全新安装Zimbra后,老服务器上的SSL证书怎么转移到新服务器就是个问题了。下面记录一下方法,以便后用。 老服务器操作 创建/sslbk目录
# mkdir /sslbk
复制/opt/zimbra/ssl下所有文件到/sslbk
# \cp -ar /opt/zimbra/ssl/* /sslbk/
压缩/sslbk目录为/sslbk.zip
# zip -r /sslbk.zip /sslbk/
用scp命令把/sslbk.zip传输到新服务器的根目录下
# scp -P2222 /sslbk.zip root@192.168.0.77:/
新服务器操作 停止zimbra服务
# su zimbra $ zmcontrol stop
作为root登录,重命名/opt/zimbra/ssl目录
# mv /opt/zimbra/ssl/ /opt/zimbra/ssl.bak
解压缩刚从老服务器传输过来的/sslbk.zip
# unzip /sslbk.zip
复制解压后的/sslbk到/opt/zimbra/,重命名为ssl,并修改ssl所属用户和组为zimbra
# \cp -ar /sslbk /opt/zimbra/ # mv /opt/zimbra/sslbk/ /opt/zimbra/ssl # chown zimbra:zimbra /opt/zimbra/ssl -R
切换到zimbra帐号登录,并进入/opt/zimbra/bin目录
# su zimbra $ cd /opt/zimbra/bin/
执行下面命令
$ ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt
执行结束后,有下面提示,说明SSL证书转移成功
** NOTE: restart services to use the new certificates. ** Cleaning up 3 files from '/opt/zimbra/conf/ca' ** Removing /opt/zimbra/conf/ca/ca.key ** Removing /opt/zimbra/conf/ca/ca.pem ** Removing /opt/zimbra/conf/ca/dd182a49.0 ** Copying CA to /opt/zimbra/conf/ca ** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key' ** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem' ** Creating CA hash symlink 'dd182a49.0' -> 'ca.pem' ** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt ** Creating CA hash symlink '157753a5.0' -> 'commercial_ca_1.crt' ** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt ** Creating CA hash symlink 'd6325660.0' -> 'commercial_ca_2.crt' ** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt ** Creating CA hash symlink '8d28ae65.0' -> 'commercial_ca_3.crt'
启动zimbra服务,使SSL证书生效
$ zmcontrol start
原文链接:Zimbra8.7.x备份和转移SSL证书,转载请注明来源!
4