![\"\"](\"http:\/\/blog.nosland.com\/wp-content\/uploads\/2019\/01\/image-404.png\")
<\/figcaption><\/figure>\n\n\n\n
![\"\"](\"http:\/\/blog.nosland.com\/wp-content\/uploads\/2019\/01\/image-405.png\")
![\"\"](\"http:\/\/blog.nosland.com\/wp-content\/uploads\/2019\/01\/image-406.png\")
Choisir Installer le certificat<\/figcaption><\/figure>\n\n\n\n
![\"\"](\"http:\/\/blog.nosland.com\/wp-content\/uploads\/2019\/01\/image-407.png\")
![\"\"](\"http:\/\/blog.nosland.com\/wp-content\/uploads\/2019\/01\/image-408.png\")
![\"\"](\"http:\/\/blog.nosland.com\/wp-content\/uploads\/2019\/01\/image-409.png\")
![\"\"](\"http:\/\/blog.nosland.com\/wp-content\/uploads\/2019\/01\/image-410.png\")
Vous rendre sur le site de votre fournisseur de SSL favori et faites une demande de SSL \u00e0 partir de votre CSR<\/p>\n\n\n\n
Votre fournisseur vous renverra au moins deux fichiers dans un ZIP : le certificat serveur sous la forme mon_nom_de_domaine.crt et mon_nom_de_domaine.ca-bundle En fonction du type de SSL que vous avez achet\u00e9 et aussi en fonction du fournisseur les noms peuvent diff\u00e9rer. <\/p>\n\n\n\n Transf\u00e9rer les 4 fichiers sur votre serveur. puis connectez vous en SSH dessus. <\/p>\n\n\n\n lancer les commandes suivantes : <\/p>\n\n\n\n cp anakin_nosland_com.crt commercial.crt Vous devriez obtenir : <\/p>\n\n\n\n Se placer sous l’utilisateur Zimbra (su zimbra) \/opt\/zimbra\/bin\/zmcertmgr verifycrt comm \/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key comercial.crt commercial_ca.crt<\/p>\n\n\n\n Vous devriez avoir des r\u00e9ponses comme-ci : <\/p>\n\n\n\n Certificate ‘commercial.crt’ and private key ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key’ match. Si c’est OK il suffit de d\u00e9ployer <\/p>\n\n\n\n zmcertmgr deploycrt comm commercial.crt commercial_ca.crt Une fois fait, il suffit de relancer Zimbra : \u00ab\u00a0zmcontrol restart\u00a0\u00bb<\/p>\n","protected":false},"excerpt":{"rendered":" Cas SSL chez COMODO via namecheap On se connecte sur l’interface d’admin web de Zimbra Vous rendre sur le site…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"_links":{"self":[{"href":"http:\/\/blog.nosland.com\/index.php?rest_route=\/wp\/v2\/posts\/573"}],"collection":[{"href":"http:\/\/blog.nosland.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.nosland.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.nosland.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.nosland.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=573"}],"version-history":[{"count":4,"href":"http:\/\/blog.nosland.com\/index.php?rest_route=\/wp\/v2\/posts\/573\/revisions"}],"predecessor-version":[{"id":586,"href":"http:\/\/blog.nosland.com\/index.php?rest_route=\/wp\/v2\/posts\/573\/revisions\/586"}],"wp:attachment":[{"href":"http:\/\/blog.nosland.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.nosland.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=573"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.nosland.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Pour l’installation de Zimbra \u00e7a ne suffira pas. Vous devez donc demander \u00e0 votre fournisseur de vous faire parvenir 3 fichiers : AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt<\/em><\/p>\n\n\n\n![\"\"](\"http:\/\/blog.nosland.com\/wp-content\/uploads\/2019\/01\/image-411.png\")
cat AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt > commercial_ca.crt<\/p>\n\n\n\n![\"\"](\"http:\/\/blog.nosland.com\/wp-content\/uploads\/2019\/01\/image-412.png\")
<\/figure>\n\n\n\n
nous allons tester les fichiers avant de les int\u00e9grer<\/p>\n\n\n\n
** Verifying ‘commercial.crt’ against ‘commercial_ca.crt’
Valid certificate chain: commercial.crt: OK<\/p>\n\n\n\n
** Verifying ‘commercial.crt’ against ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key’
Certificate ‘commercial.crt’ and private key ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key’ match.
** Verifying ‘commercial.crt’ against ‘commercial_ca.crt’
Valid certificate chain: commercial.crt: OK
** Copying ‘commercial.crt’ to ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt’
** Copying ‘commercial_ca.crt’ to ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial_ca.crt’
** Appending ca chain ‘commercial_ca.crt’ to ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt’
** Importing cert ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial_ca.crt’ as ‘zcs-user-commercial_ca’ into cacerts ‘\/opt\/zimbra\/common\/lib\/jvm\/java\/jre\/lib\/security\/cacerts’
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key ‘zimbraSSLCertificate’ via zmprov modifyServer anakin.nosland.com\u2026ok
** Saving config key ‘zimbraSSLPrivateKey’ via zmprov modifyServer anakin.nosland.com\u2026ok
** Installing imapd certificate ‘\/opt\/zimbra\/conf\/imapd.crt’ and key ‘\/opt\/zimbra\/conf\/imapd.key’
** Copying ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt’ to ‘\/opt\/zimbra\/conf\/imapd.crt’
** Copying ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key’ to ‘\/opt\/zimbra\/conf\/imapd.key’
** Creating file ‘\/opt\/zimbra\/ssl\/zimbra\/jetty.pkcs12’
** Creating keystore ‘\/opt\/zimbra\/conf\/imapd.keystore’
** Installing ldap certificate ‘\/opt\/zimbra\/conf\/slapd.crt’ and key ‘\/opt\/zimbra\/conf\/slapd.key’
** Copying ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt’ to ‘\/opt\/zimbra\/conf\/slapd.crt’
** Copying ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key’ to ‘\/opt\/zimbra\/conf\/slapd.key’
** Creating file ‘\/opt\/zimbra\/ssl\/zimbra\/jetty.pkcs12’
** Creating keystore ‘\/opt\/zimbra\/mailboxd\/etc\/keystore’
** Installing mta certificate ‘\/opt\/zimbra\/conf\/smtpd.crt’ and key ‘\/opt\/zimbra\/conf\/smtpd.key’
** Copying ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt’ to ‘\/opt\/zimbra\/conf\/smtpd.crt’
** Copying ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key’ to ‘\/opt\/zimbra\/conf\/smtpd.key’
** Installing proxy certificate ‘\/opt\/zimbra\/conf\/nginx.crt’ and key ‘\/opt\/zimbra\/conf\/nginx.key’
** Copying ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt’ to ‘\/opt\/zimbra\/conf\/nginx.crt’
** Copying ‘\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key’ to ‘\/opt\/zimbra\/conf\/nginx.key’
** NOTE: restart services to use the new certificates.
** Cleaning up 9 files from ‘\/opt\/zimbra\/conf\/ca’
** Removing \/opt\/zimbra\/conf\/ca\/d6325660.0
** Removing \/opt\/zimbra\/conf\/ca\/commercial_ca_2.crt
** Removing \/opt\/zimbra\/conf\/ca\/commercial_ca_3.crt
** Removing \/opt\/zimbra\/conf\/ca\/ca.key
** Removing \/opt\/zimbra\/conf\/ca\/ca.pem
** Removing \/opt\/zimbra\/conf\/ca\/157753a5.0
** Removing \/opt\/zimbra\/conf\/ca\/8d28ae65.0
** Removing \/opt\/zimbra\/conf\/ca\/6d667efc.0
** Removing \/opt\/zimbra\/conf\/ca\/commercial_ca_1.crt
** Copying CA to \/opt\/zimbra\/conf\/ca
** Copying ‘\/opt\/zimbra\/ssl\/zimbra\/ca\/ca.key’ to ‘\/opt\/zimbra\/conf\/ca\/ca.key’
** Copying ‘\/opt\/zimbra\/ssl\/zimbra\/ca\/ca.pem’ to ‘\/opt\/zimbra\/conf\/ca\/ca.pem’
** Creating CA hash symlink ‘6d667efc.0’ -> ‘ca.pem’
** Creating \/opt\/zimbra\/conf\/ca\/commercial_ca_1.crt
** Creating CA hash symlink ‘157753a5.0’ -> ‘commercial_ca_1.crt’
** Creating \/opt\/zimbra\/conf\/ca\/commercial_ca_2.crt
** Creating CA hash symlink ‘fc5a8f99.0’ -> ‘commercial_ca_2.crt’
** Creating \/opt\/zimbra\/conf\/ca\/commercial_ca_3.crt
** Creating CA hash symlink ’65ff7287.0′ -> ‘commercial_ca_3.crt’<\/p>\n\n\n\n