Posted by To ensure trusted access to the Zextras Carbonio Community Edition server from various applications such as browsers, mobile apps, and more, we must install an SSL certificate.
The step-by-step consists of
– Generate CSR according to the type (single, multi or wildcard)
– Give CSR to SSL Provider
– Get the SSL Certificate file from the SSL provider
– Install SSL Certificate on Zextras Carbonio Community Edition server
# Generate CSR
Generate CSR using CLI
– Generate CSR for SSL Single Domain
su - zextras /opt/zextras/bin/zmcertmgr createcsr comm -new -subject "/CN=mail.imanudin.web.id/C=ID/ST=Jawa Barat/L=Bekasi/O=Imanudin Inc/OU=IT"
The CSR generate command above is for Single Domain SSL with the name mail.imanudin.web.id
– Generate CSR for SSL Multi Domain (UCC)
su - zextras /opt/zextras/bin/zmcertmgr createcsr comm -new -subject "/CN=mail.imanudin.web.id/C=ID/ST=Jawa Barat/L=Bekasi/O=Imanudin Inc/OU=IT" -subjectAltNames mail.imanudin.com,mail.imanudin.net
The CSR generate command above is for SSL Multi Domain (UCC) with 3 different name. i.e mail.imanudin.web.id, mail.imanudin.com, and mail.imanudin.net
– Generate CSR for SSL Wildcard Domain
su - zextras /opt/zextras/bin/zmcertmgr createcsr comm -new -subject "/CN=*.imanudin.web.id/C=ID/ST=Jawa Barat/L=Bekasi/O=Imanudin Inc/OU=IT"
The CSR generate command above is for SSL Wildcard Domain with name *.imanudin.web.id
The generated CSR from the above command is in the file /opt/zextras/ssl/carbonio/commercial/commercial.csr
zextras@mail:~$ cat /opt/zextras/ssl/carbonio/commercial/commercial.csr -----BEGIN CERTIFICATE REQUEST----- MIIDBTCCAe0CAQAwdjEdMBsGA1UEAwwUbWFpbC5pbWFudWRpbi53ZWIuaWQxCzAJ BgNVBAYTAklEMRMwEQYDVQQIDApKYXdhIEJhcmF0MQ8wDQYDVQQHDAZCZWthc2kx FTATBgNVBAoMDEltYW51ZGluIEluYzELMAkGA1UECwwCSVQwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDsjiHrHau7LZkMIlMBI93v7imwzfE0xEy8iXPE //8x+ogBmFC1Sc/LDVlbuVnVn45UvyeB5En6oYjqo1GhqzGeme61BsGVrS+vIPf0 yir2mSZD8ZXO2pbleFRYLBS6VT1WmgJPByXigU5ScbghcUXb4T689UEhU4fXs0rW xCPVPBTjM5LlyytMgB3ERJ3sdsrQoMVb4PtdRQ2sw84AxUYtFxe/SjfyS7oE6kTB 8UAMIvI96CVrJtuqqTVw86JKaz850T4mzNpG512J8e8lliaS29yfh2qBTjUQrfSj 1BDycIlB4KsG4kmub9cJI5DkUijjYtQFqLKdxR+t44ZRsjg1AgMBAAGgSjBIBgkq hkiG9w0BCQ4xOzA5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB8GA1UdEQQYMBaC FG1haWwuaW1hbnVkaW4ud2ViLmlkMA0GCSqGSIb3DQEBCwUAA4IBAQCvsWmYj1mu W23w/QCH33RctxWr7jrF53uDdBklrzVr/hdeHmW+3Pb8HmAVfMf3hMEFgQKWmxSP XriVtBrPEdljybyO6WXeo/dtgQOiBinxK53kMGGhKFHAvVZrb+Qc0Pa4V7oUfmKX slhLhKW6VbotwoMZpfKNECBJwgyB/jEbtUFbb3uWRFeOV1P+FeZplNU7yAec0rSF 78tNgIChQwF2SOW0ggs8WAmp3jXzml+Hnn9yQEste3jNDd/YRCJPDz4oBFmTp2Et Qfqx+aQp3RTcOia8jAjWkHV4uQ7ZqtkQD/XnItuIjrLO97Jo+v60Yzw2w1vq6LST 8EBExalrI/rB -----END CERTIFICATE REQUEST-----
Give that file to the SSL provider
# Install Commercial SSL Certificate
You will receive below files from SSL provider
ca_bundle_sectigo.crt Intermediate_CA_sectigo.crt Root_CA_sectigo.crt mail_imanudin_web_id.crt
Save/upload the file above to the /tmp/ folder on the Zextras Carbonio Community Edition (CE) server
Change the owner
cd /tmp/ chown zextras.zextras *.crt
Verify commercial key with SSL certificate
zmcertmgr verifycrt comm /opt/zextras/ssl/carbonio/commercial/commercial.key /tmp/mail_imanudin_web_id.crt /tmp/ca_bundle_sectigo.crt
If match, you can continue installing the SSL certificate
zmcertmgr deploycrt comm /tmp/mail_imanudin_web_id.crt /tmp/ca_bundle_sectigo.crt
View SSL certificate that has been installed
zmcertmgr viewdeployedcrt
zextras@mail:~$ zmcertmgr viewdeployedcrt - ldap: /opt/zextras/conf/slapd.crt notBefore=May 28 00:00:00 2023 GMT notAfter=May 28 23:59:59 2024 GMT subject=CN = mail.imanudin.web.id issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=mail.imanudin.web.id, www.mail.imanudin.web.id - mailboxd: /opt/zextras/mailboxd/etc/mailboxd.pem notBefore=May 28 00:00:00 2023 GMT notAfter=May 28 23:59:59 2024 GMT subject=CN = mail.imanudin.web.id issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=mail.imanudin.web.id, www.mail.imanudin.web.id - mta: /opt/zextras/conf/smtpd.crt notBefore=May 28 00:00:00 2023 GMT notAfter=May 28 23:59:59 2024 GMT subject=CN = mail.imanudin.web.id issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=mail.imanudin.web.id, www.mail.imanudin.web.id - proxy: /opt/zextras/conf/nginx.crt notBefore=May 28 00:00:00 2023 GMT notAfter=May 28 23:59:59 2024 GMT subject=CN = mail.imanudin.web.id issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA SubjectAltName=mail.imanudin.web.id, www.mail.imanudin.web.id
Restart Zextras Carbonio CE
zmcontrol restart
Open Zextras Carbonio Community Edition (CE) server via browser according to the name on the SSL used: https://mail.imanudin.web.id
Good Luck 🙂