因为Zimbra默认关闭了明文的端口,只开放了加密端口;所以给Zimbra申请安装第三方国际SSL证书就很有必要;但最近遇到更换Zimbra服务器,在新服务器上全新安装Zimbra后,老服务器上的SSL证书怎么转移到新服务器就是个问题了。下面记录一下方法,以便后用。
老服务器操作
创建/sslbk目录
# mkdir /sslbk
复制/opt/zimbra/ssl下所有文件到/sslbk
# \cp -ar /opt/zimbra/ssl/* /sslbk/
压缩/sslbk目录为/sslbk.zip
# zip -r /sslbk.zip /sslbk/
用scp命令把/sslbk.zip传输到新服务器的根目录下
# scp -P2222 /sslbk.zip root@192.168.0.77:/
新服务器操作
停止zimbra服务
# su zimbra
$ zmcontrol stop
作为root登录,重命名/opt/zimbra/ssl目录
# mv /opt/zimbra/ssl/ /opt/zimbra/ssl.bak
解压缩刚从老服务器传输过来的/sslbk.zip
# unzip /sslbk.zip
复制解压后的/sslbk到/opt/zimbra/,重命名为ssl,并修改ssl所属用户和组为zimbra
# \cp -ar /sslbk /opt/zimbra/
# mv /opt/zimbra/sslbk/ /opt/zimbra/ssl
# chown zimbra:zimbra /opt/zimbra/ssl -R
切换到zimbra帐号登录,并进入/opt/zimbra/bin目录
# su zimbra
$ cd /opt/zimbra/bin/
执行下面命令
$ ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/zimbra/commercial/commercial_ca.crt
执行结束后,有下面提示,说明SSL证书转移成功
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/dd182a49.0
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink 'dd182a49.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '157753a5.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink 'd6325660.0' -> 'commercial_ca_2.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt
** Creating CA hash symlink '8d28ae65.0' -> 'commercial_ca_3.crt'
启动zimbra服务,使SSL证书生效
$ zmcontrol start
原文链接:Zimbra8.7.x备份和转移SSL证书,转载请注明来源!
啊啊啊啊
看看
很不错,很有用!