To ensure trusted access to the Zextras Carbonio Community Edition server from various applications such as browsers, mobile apps, and more, we must install an SSL certificate.
The step-by-step consists of
– Generate CSR according to the type (single, multi or wildcard)
– Give CSR to SSL Provider
– Get the SSL Certificate file from the SSL provider
– Install SSL Certificate on Zextras Carbonio Community Edition server
# Generate CSR
Generate CSR using CLI
– Generate CSR for SSL Single Domain
su - zextras /opt/zextras/bin/zmcertmgr createcsr comm -new -subject "/CN=mail.imanudin.web.id/C=ID/ST=Jawa Barat/L=Bekasi/O=Imanudin Inc/OU=IT"
The CSR generate command above is for Single Domain SSL with the name mail.imanudin.web.id
– Generate CSR for SSL Multi Domain (UCC)
su - zextras /opt/zextras/bin/zmcertmgr createcsr comm -new -subject "/CN=mail.imanudin.web.id/C=ID/ST=Jawa Barat/L=Bekasi/O=Imanudin Inc/OU=IT" -subjectAltNames mail.imanudin.com,mail.imanudin.net
The CSR generate command above is for SSL Multi Domain (UCC) with 3 different name. i.e mail.imanudin.web.id, mail.imanudin.com, and mail.imanudin.net
– Generate CSR for SSL Wildcard Domain
su - zextras /opt/zextras/bin/zmcertmgr createcsr comm -new -subject "/CN=*.imanudin.web.id/C=ID/ST=Jawa Barat/L=Bekasi/O=Imanudin Inc/OU=IT"
The CSR generate command above is for SSL Wildcard Domain with name *.imanudin.web.id
The generated CSR from the above command is in the file /opt/zextras/ssl/carbonio/commercial/commercial.csr
zextras@mail:~$ cat /opt/zextras/ssl/carbonio/commercial/commercial.csr -----BEGIN CERTIFICATE REQUEST----- MIIDBTCCAe0CAQAwdjEdMBsGA1UEAwwUbWFpbC5pbWFudWRpbi53ZWIuaWQxCzAJ BgNVBAYTAklEMRMwEQYDVQQIDApKYXdhIEJhcmF0MQ8wDQYDVQQHDAZCZWthc2kx FTATBgNVBAoMDEltYW51ZGluIEluYzELMAkGA1UECwwCSVQwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDsjiHrHau7LZkMIlMBI93v7imwzfE0xEy8iXPE //8x+ogBmFC1Sc/LDVlbuVnVn45UvyeB5En6oYjqo1GhqzGeme61BsGVrS+vIPf0 yir2mSZD8ZXO2pbleFRYLBS6VT1WmgJPByXigU5ScbghcUXb4T689UEhU4fXs0rW xCPVPBTjM5LlyytMgB3ERJ3sdsrQoMVb4PtdRQ2sw84AxUYtFxe/SjfyS7oE6kTB 8UAMIvI96CVrJtuqqTVw86JKaz850T4mzNpG512J8e8lliaS29yfh2qBTjUQrfSj 1BDycIlB4KsG4kmub9cJI5DkUijjYtQFqLKdxR+t44ZRsjg1AgMBAAGgSjBIBgkq hkiG9w0BCQ4xOzA5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB8GA1UdEQQYMBaC FG1haWwuaW1hbnVkaW4ud2ViLmlkMA0GCSqGSIb3DQEBCwUAA4IBAQCvsWmYj1mu W23w/QCH33RctxWr7jrF53uDdBklrzVr/hdeHmW+3Pb8HmAVfMf3hMEFgQKWmxSP XriVtBrPEdljybyO6WXeo/dtgQOiBinxK53kMGGhKFHAvVZrb+Qc0Pa4V7oUfmKX slhLhKW6VbotwoMZpfKNECBJwgyB/jEbtUFbb3uWRFeOV1P+FeZplNU7yAec0rSF 78tNgIChQwF2SOW0ggs8WAmp3jXzml+Hnn9yQEste3jNDd/YRCJPDz4oBFmTp2Et Qfqx+aQp3RTcOia8jAjWkHV4uQ7ZqtkQD/XnItuIjrLO97Jo+v60Yzw2w1vq6LST 8EBExalrI/rB -----END CERTIFICATE REQUEST-----
Give that file to the SSL provider
# Install Commercial SSL Certificate
You will receive below files from SSL provider
ca_bundle_sectigo.crt Intermediate_CA_sectigo.crt Root_CA_sectigo.crt mail_imanudin_web_id.crt
Save/upload the file above to the /tmp/ folder on the Zextras Carbonio Community Edition (CE) server
Change the owner
cd /tmp/ chown zextras.zextras *.crt
Verify commercial key with SSL certificate
zmcertmgr verifycrt comm /opt/zextras/ssl/carbonio/commercial/commercial.key /tmp/mail_imanudin_web_id.crt /tmp/ca_bundle_sectigo.crt
If match, you can continue installing the SSL certificate
zmcertmgr deploycrt comm /tmp/mail_imanudin_web_id.crt /tmp/ca_bundle_sectigo.crt
View SSL certificate that has been installed
zmcertmgr viewdeployedcrt
zextras@mail:~$ zmcertmgr viewdeployedcrt - ldap: /opt/zextras/conf/slapd.crt notBefore=May 28 00:00:00 2023 GMT notAfter=May 28 23:59:59 2024 GMT subject=CN = mail.imanudin.web.id issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=mail.imanudin.web.id, www.mail.imanudin.web.id - mailboxd: /opt/zextras/mailboxd/etc/mailboxd.pem notBefore=May 28 00:00:00 2023 GMT notAfter=May 28 23:59:59 2024 GMT subject=CN = mail.imanudin.web.id issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=mail.imanudin.web.id, www.mail.imanudin.web.id - mta: /opt/zextras/conf/smtpd.crt notBefore=May 28 00:00:00 2023 GMT notAfter=May 28 23:59:59 2024 GMT subject=CN = mail.imanudin.web.id issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=mail.imanudin.web.id, www.mail.imanudin.web.id - proxy: /opt/zextras/conf/nginx.crt notBefore=May 28 00:00:00 2023 GMT notAfter=May 28 23:59:59 2024 GMT subject=CN = mail.imanudin.web.id issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=mail.imanudin.web.id, www.mail.imanudin.web.id
Restart Zextras Carbonio CE
zmcontrol restart
Open Zextras Carbonio Community Edition (CE) server via browser according to the name on the SSL used: https://mail.imanudin.web.id
Good Luck 🙂