如果使用云服务器搭建邮箱服务器的话,根据相关规定。需要申请开通25端口,阿里云管控很严格,所以我使用的是自己的IDC机房服务器搭建,如果使用电信的网络需要申请开通25端口
1、关闭防火墙
2、关闭selinux
3、内网IP :192.168.2.222 公网IP 221.12.155.245
开始安装
yum -y update
安装zimbra所需要的包和库
yum -y install perl perl-core nmap sudo libidn gmp libaio libstdc++ unzip sysstat sqlite nc
关闭安装的MTA服务
systemctl stop postfix.service
systemctl disable postfix.service
安装bind
yum -y install bind bind-utils
修改主机名
修改 /etc/hosts
修改/etc/resolv.conf
chown -R named.named /var/named/
修改 /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "zimbra.com" IN {
type master;
file "zimbra.com.zone";
};
zone "2.168.192.in-addr.arpa" IN {
type master;
file "192.168.2.arpa";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
创建DNS正向解析
$TTL 86400
@ IN SOA mail mail.zimbra.com. (
0 ; Serial
43200 ; Refresh
3600 ; Retry
3600000 ; Expire
2592000 ) ; Minimum
IN NS ns.zimbra.com.
IN A 192.168.2.222
IN MX 10 mail.zimbra.com.
mail IN A 192.168.2.222
ns IN A 192.168.2.222
创建反向解析
$TTL 1D
@ IN SOA zimbra.com. mail.zimbra.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
2.168.192.in-addr.arpa. IN NS ns.zimbra.com.
222 IN PTR ns.zimbra.com.
222 IN PTR mail.zimbra.com.
测试DNS解析
测试DNS解析
dig zimbra.com MX
dig -x 192.168.2.222
启动named.service
systemctl start named.service
systemctl enable named.service
下载、上传zimbra安装包至/opt 目录,我使用的是zcs-8.6.0版本
地址: http://www.zimbra.com/downloads/os-downloads.html
解压安装zimbra
cd /opt
tar zxvf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110
./install.sh --platform-override
显示如下
Operations logged to /tmp/install.log.31333
Checking for existing installation...
zimbra-ldap...NOT FOUND
zimbra-logger...NOT FOUND
zimbra-mta...NOT FOUND
zimbra-dnscache...NOT FOUND
zimbra-snmp...NOT FOUND
zimbra-store...NOT FOUND
zimbra-apache...NOT FOUND
zimbra-spell...NOT FOUND
zimbra-convertd...NOT FOUND
zimbra-memcached...NOT FOUND
zimbra-proxy...NOT FOUND
zimbra-archiving...NOT FOUND
zimbra-core...NOT FOUND
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/zimbra-public-eula-2-5.html
# 输入y同意安装
Do you agree with the terms of the software license agreement? [N] y
Checking for prerequisites...
FOUND: NPTL
FOUND: nmap-ncat-6.40-7
FOUND: sudo-1.8.6p7-16
FOUND: libidn-1.28-4
FOUND: gmp-6.0.0-12
FOUND: libaio-0.3.109-13
FOUND: libstdc++-4.8.5-4
FOUND: unzip-6.0-15
FOUND: perl-core-5.16.3-286
Checking for suggested prerequisites...
FOUND: perl-5.16.3
FOUND: sysstat
FOUND: sqlite
Prerequisite check complete.
Checking for installable packages
Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy
#输入Y安装zimbra所需组件
Select the packages to install
Install zimbra-ldap [Y]
Install zimbra-logger [Y] Y
Install zimbra-mta [Y] Y
Install zimbra-dnscache [Y] Y
Install zimbra-snmp [Y] Y
Install zimbra-store [Y] Y
Install zimbra-apache [Y] Y
Install zimbra-spell [Y] Y
Install zimbra-memcached [Y] Y
Install zimbra-proxy [Y] Y
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.
Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-dnscache
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-proxy
# 输入Y确认操作修改
The system will be modified. Continue? [N] Y
Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/ld.so.conf...done.
Cleaning up /etc/security/limits.conf...done.
Finished removing Zimbra Collaboration Server.
Installing packages
zimbra-core......zimbra-core-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-ldap......zimbra-ldap-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-logger......zimbra-logger-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-mta......zimbra-mta-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-dnscache......zimbra-dnscache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-snmp......zimbra-snmp-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-store......zimbra-store-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-apache......zimbra-apache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-spell......zimbra-spell-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-memcached......zimbra-memcached-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
zimbra-proxy......zimbra-proxy-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
Operations logged to /tmp/zmsetup02252016-105150.log
Installing LDAP configuration database...done.
Setting defaults... MX: smtp.asia.secureserver.net (182.50.144.66)
MX: mailstore1.asia.secureserver.net (182.50.144.67)
Interface: 127.0.0.1
Interface: ::1
Interface: 10.1.0.100
182.50.144.66
182.50.144.66
182.50.144.66
182.50.144.67
182.50.144.67
182.50.144.67
DNS ERROR resolving MX for mail.zimbra.com
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes]
Create domain: [mail.zimbra.com] zimbra.com
MX: mail.zimbra.com (192.168.1.109)
Interface: 127.0.0.1
Interface: ::1
Interface: 192.168.1.109
done.
Checking for port conflicts
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-dnscache: Enabled
6) zimbra-snmp: Enabled
7) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@hongxue.com
******* +Admin Password UNSET
+Anti-virus quarantine user: virus-quarantine.92q5ww2xk@hongxue.com
+Enable automated spam training: yes
+Spam training user: spam.4jzqlif9fd@hongxue.com
+Non-spam(Ham) training user: ham.bhxkaz_w@hongxue.com
+SMTP host: hongxue.com
+Web server HTTP port: 8080
+Web server HTTPS port: 8443
+Web server mode: https
+IMAP server port: 7143
+IMAP server SSL port: 7993
+POP server port: 7110
+POP server SSL port: 7995
+Use spell check server: yes
+Spell server URL: http://hongxue.com:7780/aspell.php
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@hongxue.com
+Version update source email: admin@hongxue.com
+Install mailstore (service webapp): yes
+Install UI (zimbra,zimbraAdmin webapps): yes
8) zimbra-spell: Enabled
9) zimbra-proxy: Enabled
10) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
# 这边我们先选择7
Address unconfigured (**) items (? - help) 7
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@hongxue.com
** 4) Admin Password UNSET
5) Anti-virus quarantine user: virus-quarantine.92q5ww2xk@hongxue.com
6) Enable automated spam training: yes
7) Spam training user: spam.4jzqlif9fd@hongxue.com
8) Non-spam(Ham) training user: ham.bhxkaz_w@hongxue.com
9) SMTP host: hongxue.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL: http://hongxue.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: admin@hongxue.com
22) Version update source email: admin@hongxue.com
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
# 接着选择4,设置 admin password
Select, or 'r' for previous menu [r] 4
Password for admin@hongxue.com (min 6 characters): [1ewBUZwGo] hongxuepassword
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@hongxue.com
4) Admin Password set
5) Anti-virus quarantine user: virus-quarantine.92q5ww2xk@hongxue.com
6) Enable automated spam training: yes
7) Spam training user: spam.4jzqlif9fd@hongxue.com
8) Non-spam(Ham) training user: ham.bhxkaz_w@hongxue.com
9) SMTP host: hongxue.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL: http://hongxue.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: admin@hongxue.com
22) Version update source email: admin@hongxue.com
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
# 按r回到上一级菜单
Select, or 'r' for previous menu [r] r
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-dnscache: Enabled
6) zimbra-snmp: Enabled
7) zimbra-store: Enabled
8) zimbra-spell: Enabled
9) zimbra-proxy: Enabled
10) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
# 下面按a以完成配置,并且yes下去,继续修改即可。之后就是zimbra自动一系列的配置了~
*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] yes
Save config in file: [/opt/zimbra/config.41215]
Saving config in /opt/zimbra/config.41215...done.
The system will be modified - continue? [No] yes
Operations logged to /tmp/zmsetup02252016-105150.log
Setting local config values...done.
Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher password...done.
Creating server entry for hongxue.com...done.
Setting Zimbra IP Mode...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
Setting spell check URL...done.
Setting service ports on hongxue.com...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Setting Master DNS IP address(es)...done.
Setting DNS cache tcp lookup preference...done.
Setting DNS cache udp lookup preference...done.
Setting DNS tcp upstream preference...done.
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on hongxue.com...done.
Adding hongxue.com to zimbraMailHostPool in default COS...done.
Creating domain hongxue.com...done.
Setting default domain name...done.
Creating domain hongxue.com...already exists.
Creating admin account admin@hongxue.com...done.
Creating root alias...done.
Creating postmaster alias...done.
Creating user spam.4jzqlif9fd@hongxue.com...done.
Creating user ham.bhxkaz_w@hongxue.com...done.
Creating user virus-quarantine.92q5ww2xk@hongxue.com...done.
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for hongxue.com...done.
Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...done.
Installing common zimlets...
com_zimbra_adminversioncheck...done.
com_zimbra_attachcontacts...done.
com_zimbra_attachmail...done.
com_zimbra_bulkprovision...done.
com_zimbra_cert_manager...done.
com_zimbra_clientuploader...done.
com_zimbra_date...done.
com_zimbra_email...done.
com_zimbra_mailarchive...done.
com_zimbra_phone...done.
com_zimbra_proxy_config...done.
com_zimbra_srchhighlighter...done.
com_zimbra_tooltip...done.
com_zimbra_url...done.
com_zimbra_viewmail...done.
com_zimbra_webex...done.
com_zimbra_ymemoticons...done.
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.6.0_GA_1153_RHEL7_64)
The ADMIN EMAIL ADDRESS created (admin@hongxue.com)
# 跳过通知zimbra
Notify Zimbra of your installation? [Yes] no
Notification skipped
Setting up zimbra crontab...done.
Moving /tmp/zmsetup02252016-105150.log to /opt/zimbra/log
Configuration complete - press return to exit
7、ok,上一步已经完成安装,下面我们来查看服务启动状态,服务已经启动~
8、查看管理员界面
https://192.168.2.222:7071/zimbraAdmin/https://192.168.2.222
创建一个普通用户
https://192.168.2.222登录用户界面
发送测试邮件
添加云解析
使用域名登录
https://mail.grabchatapp.com:7071/zimbraAdmin/https://mail.grabchatapp.com
配置证书:
安装使用阿里云免费ssl证书脚本
https://www.itgeeker.net/zimbra-8-x安装使用阿里云免费ssl证书脚本/
首先当然要去阿里云申请的ssl证书下载其他类型证书,解压缩后有两个文件上传到相应目录,这里是/opt/zimbra/ssl/aliyunssl/,文件名类似18131-domain.key和.pem
对比Let’s Encrypt和Wosign的证书,这里会涉及到转换阿里云的RSA密钥到PKCS#8的格式,两者的区别,在于开头和结尾的内容。zimbra是不能验证RSA秘钥的
我们可以通过openssl命令把阿里云的私钥转成zimbra能接受的格式。
openssl pkcs8 -topk8 -inform PEM -in 18131XXXXXXXXX.key -outform PEM -nocrypt -out privkey.pem
完整脚本如下:
#!/bin/bash
# Note: create by itgeeker
domain=mail.itgeeker.net
su - zimbra -c 'zmproxyctl stop'
su - zimbra -c 'zmmailboxdctl stop'
mkdir /opt/zimbra/ssl/aliyunssl/
echo "up load aliyun ssl other to this folder first !!!!!!!"
cd /opt/zimbra/ssl/aliyunssl/
openssl pkcs8 -topk8 -inform PEM -in 18131XXXXXXXXX.key -outform PEM -nocrypt -out privkey.pem
mv 1813131_mail.geekerconsulting.com.pem cert.pem
chown zimbra:zimbra /opt/zimbra/ssl/aliyunssl/*
su - zimbra -c 'cd /opt/zimbra/ssl/aliyunssl/ && /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem '
echo "Backup Zimbra SSL directory"
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")
echo "Copy the private key under Zimbra SSL path"
cp /opt/zimbra/ssl/aliyunssl/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
echo "Final SSL deployment"
su - zimbra -c 'cd /opt/zimbra/ssl/aliyunssl/ /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem'
echo "restart zimbra"
su - zimbra -c 'zmcontrol restart'
gist link:
https://gist.github.com/alanljj/2f90ca543dc2f2e45319ac13c30bbf72
验证zimbra ssl证书命令:
su - zimbra -c '/opt/zimbra/bin/zmcertmgr viewdeployedcrt'
更新
通过上面的方法虽然没有提示任何错误,但可能无法更新证书,使用验证命令,仍然会显示老的证书。那么就需要以下的复杂流程了。
zimbra证书的三个文件,目录/opt/zimbra/ssl/zimbra/commercial/:
- commercial_ca.crt
- commercial.crt
- commercial.key
zimbra ssl证书制作方法:
commercial_ca.crt – 阿里云下载证书1813131_domain.pem的第二部分,也就是第二个—–BEGIN CERTIFICATE—–到—–END CERTIFICATE—– 也就是中级证书(mid-digicert-ca) + 根证书(root-digiert-ca)
两者中间不能有空行
阿里云免费ssl的根证书分享,不同发证机构根证书会有所不同:
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----
https://gist.github.com/alanljj/26b12b591173b3ba7c3c51edea09cad6
commercial.crt – 1813131_domain.pem的第一部分,也就是第一个—–BEGIN CERTIFICATE—–到—–END CERTIFICATE—–部分。
commercial.key – 就是1813131_domain.key,用上面的RSA密钥到PKCS#8 转换方法先转换,然后改名字就可以了。
开始部署
上传三个文件到/opt/zimbra/ssl/zimbra/commercial/目录,上传前检查、检查、再检查是否已经正确,如果老的文件已存在,先删除老的三个文件(技术奇客有碰到未删除,生成的文件格式不对导致无法更新ssl证书的情况)
验证证书。进入/opt/zimbra/ssl/zimbra/commercial/目录后,使用zimbra用户执行:
/opt/zimbra/common/bin/openssl verify -CAfile commercial_ca.crt commercial.crt
部署证书。 使用zimbra用户执行 :
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
重启zimbra服务。
su - zimbra -c 'zmcontrol restart'
查看新证书。
su - zimbra -c '/opt/zimbra/bin/zmcertmgr viewdeployedcrt'