Author Topic: [Feature Request] Use your own (wildcard) SSL certificates  (Read 3990 times)

wvanelten

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +3/-0
    • View Profile
[Feature Request] Use your own (wildcard) SSL certificates
« on: January 15, 2016, 11:09:24 am »
Hi there,

Planned on using Zentyal as replacement of our SBS 2008.

One thing I'm missing and struggling with to get it working is:

We have a wildcard SSL certificate.
I want to use that certificate in zentyal, for the webmin, webmail, e-mail and so on.
However, there is no import button for this.
And replacing the files with my own file works, for a moment. Than it gets replaced with the zentyal ones.

Please make it possible to import and use our own certificates.

ps. using Zentyal 4.2.1.3

trysomething

  • Zen Warrior
  • ***
  • Posts: 118
  • Karma: +5/-0
  • Founder of The Tiki Lab
    • View Profile
    • The Tiki Lab | Bridging the gap between technology and vision impairment!
Re: [Feature Request] Use your own (wildcard) SSL certificates
« Reply #1 on: March 04, 2016, 12:04:23 pm »
Well I'll save you a TON of hair pulling and headache on this one.  It's really pretty simple :-)
1.  Make 2 directories "mkdir -p /etc/Zentyal/stubs"  THEN "mkdir -p /etc/Zentyal/stubs/openchange"
2.  Set permissions on both like "chmod o+x /etc/Zentyal/stubs" THEN "chmod o+x /etc/Zentyal/stubs/openchange"
3.  Copy thee Opnchange Stub lie"cp /usr/share/Zentyal/stubs/openchange/apache-ocsmanager.conf.mas /etc/Zentyal/stubs/openchange"
4.  Now edit your .mas file "nano /etc/Zentyal/stubs/openchange/apache-ocsmanager.conf.mas", scroll down until you see where it says "sslengine on", under that is a pointer to the self signed SSL, delete that line out.  Depending on your certificate it may differ, but let's say you have "example.com.crt", "example.com.key" and "example.com.ca-bundle" (Comodo does the ca-bundle now it's great!).  You're going to have to point to those files like this:
     SSLCertificateFile /etc/apache2/certs/example.com.crt
     SSLCertificateKeyFile /etc/apache2/certs/example.com.key
     SSLCACertificateFile /etc/apache2/certs/example.com.ca-bundle
Edit the names and locations obviously to fit your environment and save/close the file.
5.  Make a directory (like above) "mkdir -p /etc/apache2/certs"
6.  If you're going to upload via SFTP set permissions for RWX like "chmod 0777 /etc/apache2/certs", upload your files and then fix permissions to match the original certificate store - I think it's something like 0744 or 0644 you'll have to check on that one.
7.  Now restart Openchange like "service Zentyal openchange restart" and as long as it says OK you're officially rocking the Wildcard SSL!

To help get rid of more headaches you can go check out my page I've dedicated to Zentyal 4+ on my website at http://thetikilab.com/zentyal.html - It's constantly growing too so there's almost always something new on the thing LoL.
OH yeah, for the record Zentyal does NOT support the import of PST files.  It can and likely will legit crash the Samba and Openchange quicker than you'd imagine.  There's some info about using an IMAP transfer tool to migrate mailboxes gracefully.  Then you've just gotta figure out how to drop everyone's Contacts into an LDIF or Vcard file and calendars into an Ical file to import via the webmail.  I've actually had some success just opening a PST that is offline and copying my contacts into my current user account without incident, but it's DEFFINATELY something you need to be aware of.  That bit screwed me up for a month LoL. 
You will have to excuse my posts not having actual links in them.  I'm blind and can never find that insert hyperlink button LoL.  If you, or someone you know has vision problems check out The Tiki Lab.