certificate_in_possibly_stale_keystore
Ceci est une ancienne révision du document !
Zimbra
Introduction
After install letsencrypt certificate via the beautiful /opt/letsencrypt-zimbra/obtain-and-deploy-letsencrypt-cert.sh, the certificate of the admin console (accessible via port 7071) has not been updated. The keystore is located at /opt/zimbra/mailboxd/etc/keystore
zmcertmgr viewdeployedcrt all SubjectAltName=mail.domain.tld
NOTE: possibly stale keystore: /opt/zimbra/mailboxd/etc/keystore - mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem notBefore=Jul 31 20:31:04 2021 GMT notAfter=Oct 29 20:31:02 2021 GMT subject=CN = mail.domain.tld issuer=C = US, O = Let's Encrypt, CN = R3
- Find the keystore password in zimbra configuration
zmlocalconfig -s | grep mailboxd_keystore_password
- Create a pkcs12 file with the certificate, chain and the private key (as zimbra user)
openssl pkcs12 -export -name jetty -in /opt/zimbra/ssl/zimbra/commercial/commercial.crt -inkey /opt/zimbra/ssl/zimbra/commercial/commercial.key -out jetty.p12
- Delete the actual certificate into keystore
keytool -delete -alias jetty -keystore keystore -storepass passwd
- Import the keystore into the keystore (haha)
keytool -importkeystore -destkeystore keystore -srckeystore jetty.p12 -srcstoretype jks zmcontrol restart
certificate_in_possibly_stale_keystore.1627802921.txt.gz · Dernière modification : 2021/08/01 09:28 de inc002