
You'll also want to comment out the ::1 localhost line in /etc/hosts, otherwise zmconfigd would not start (at least in 8.5.1).

The local caching DNS aside, you also need to start the process of setting up the actual internet domain's forward DNS (A record) via your DNS hosting panel, and the reverse DNS (PTR record) for the IP by contacting the ISP, as this may take some time. (You will later need to change the MX records; this takes great planning and thought if you don't want to lose emails. For example, if Zimbra is the MX and is the only server allowed to send emails, add the SPF/TXT record v=spf1 mx -all)

Installing Zimbra

When running install.sh, make sure that you do NOT install (type n) zimbra-dnscache. Install the rest with the defaults, including the memcache/proxy, as according to the wiki future updates will depend on memcached & the proxy heavily even for single node installs (probably for filtering). Just set the admin password, and keep everything else the same, including the FQDN domain name. You can later set the proper default domain name.

Install 'unrar' to be able to scan attachments inside .rar files; it's not in EPEL because of some licensing issues, so get it from here

Certificates

This section should be ignored unless you have commercial certificates, but having a commercial certificate is quite important in a production install (though I suppose you could use the free cert available from LetsEncrypt, though I haven't tried using that with Zimbra yet).

BTW: if you are faced with a downtime that has to do with certificates and Zimbra not functioning, and you are sure your server hasn't been compromised, disable certificate checks with, as zimbra:

zmlocalconfig -e ssl_allow_untrusted_certs=true

Commercial single server setup

Use a simple certificate if Zimbra will be accessed using one URL (even if you host multiple domains), or a UCC certificate if there'd be access from multiple URL domains.

Before anything, create a snapshot of your Zimbra logical volume. You can mess Zimbra up very easily when playing with certificates. The admin UI, at least for Zimbra 8.0.7, is broken when it comes to generating CSRs (bug 89662).

/opt/zimbra/bin/zmcertmgr viewdeployedcrt
/opt/zimbra/bin/zmcertmgr deploycrt comm.

If Zimbra does not start, you are screwed, and would probably want to revert/merge your LVM snapshot and find out what went wrong.

It's much easier taking a wildcard certificate if you have a multiserver setup. Take a snapshot of all the servers in case something goes wrong. Generate the CSR and do the steps mentioned above for a single server setup on the mailbox server, up to 'deploycrt'. Then copy the /root/apps/certs to every other node (for reference), as well as /opt/zimbra/ssl/zimbra/commercial/commercial.key. Run the previous commands (starting with verifycrt) on each of the nodes. Then stop Zimbra on all the nodes (doing the LDAP one last), and start all the nodes (starting with LDAP). Double check via the HTTPS web client that the browser sees the commercial cert and doesn't complain.
