Install commercial SSL CA

[amitbiswas]

Hi,
Can anyone help me out with how to install the commercial SSL certicitate in Zentyal webserver.
Any help will be much appreciated.
kind regards,
Amit

[gandalfmagic]

The easiest way is to  (manually) overwrite the zentyal created certificates with the official/commercial ones.
In the webserver, the certificate is the same for each virtualhost you create:

/etc/apache2/ssl/apache.pem

Anyway, you can find the position of a certificate by looking into the deamon configuration files.

[vmb]

I created a reference timestamp on my server's filesystem before enabling Zentyal's CA to create new Services Certificates. I then looked for PEM files that were created after my timestamp.

At a server command line enter:
  touch /tmp/now

In the Zentyal Admin, Certification Authority, Services Certificates... enable all service certificates and save changes. When done

Back at the command line enter:
  sudo find / -name "*.pem" -newer /tmp/now

This is what i get back...

/etc/dovecot/ssl/dovecot.pem
/etc/apache2/ssl/ssl.pem
/etc/postfix/sasl/postfix.pem
/var/lib/zentyal-usercorner/ssl/ssl.pem
/var/lib/zentyal/CA/certs/DE76218F86C27E25.pem
/var/lib/zentyal/CA/keys/Zentyal.pem
/var/lib/zentyal/CA/private/Zentyal.pem
/var/lib/zentyal/CA/reqs/Zentyal.pem
/var/lib/zentyal/conf/ssl/ssl.pem

I hope this helps anyone stuck for a starting point. I haven't checked which PEM files are the same yet. That's my next step.

[vmb]

OK, so I didn't realise that my replacement certificates would be replaced when the server restarts.
I found this useful but slightly inaccurate post that put me on the right track. I made backup copies of the files that I changed and put new comments in the new versions.
http://forum.zentyal.org/index.php/topic,17046.msg67338.html#msg67338