Author Topic: [SOLVED] Zentyal 5.0 Comodo SSL  (Read 2453 times)

jrtaylor

  • Zen Apprentice
  • *
  • Posts: 15
  • Karma: +2/-0
    • View Profile
[SOLVED] Zentyal 5.0 Comodo SSL
« on: February 13, 2017, 04:04:50 pm »
Does this still apply to installing 3rd party ssl certs? https://forum.zentyal.org/index.php?topic=24513.0

If not what is the proper way to install Comodo SSL certs. I have a *.domain.com cert.
« Last Edit: February 15, 2017, 06:21:17 pm by jrtaylor »

jclendineng

  • Zen Monk
  • **
  • Posts: 61
  • Karma: +2/-0
    • View Profile
Re: Zentyal 5.0 Comodo SSL
« Reply #1 on: February 13, 2017, 08:29:28 pm »
you have to do it through linux, no way to do it through zentyal, zentyal uses bad certs, so the only way to to fix is to get it signed and manually add ssl through terminal...same way you would do it stock linux.

Edit: I read the link, I mean try it and report back? Its ubuntu linux so there is a TON of documentation out there.  Its standard ssl cert, I have mine signed by a third party to get rid of the security error on the sites and services I host.
« Last Edit: February 13, 2017, 08:33:33 pm by jclendineng »

trysomething

  • Zen Warrior
  • ***
  • Posts: 119
  • Karma: +5/-0
  • Founder of The Tiki Lab
    • View Profile
    • The Tiki Lab | Bridging the gap between technology and vision impairment!
Re: Zentyal 5.0 Comodo SSL
« Reply #2 on: February 14, 2017, 12:04:35 am »
So you can do that tutorial and it "should" work.  I did it on a test box and it worked but Zentyal installs are like snowflakes - none of them are the same.  Since it worked on my test box it's likely it will work on your machine but not a guarantee.
Did you ever read the Zentyal documentation about using stub files though?  There's the route to go, via use of stubs you can make changes that are upgrade proof.  This little tutorial needs redoing every sinle time you upgrade and sometimes when you update components - not very stable if you ask me.
I do it via stub files, it's safe, update/upgrade proof and bestest of all if it breaks something you only need to rename a single file, restart a service and you can limp along until you get it figured out.  Call me silly but it seems like a way better solution.
Check my thing out and enjoy doing it the right way!

https://forum.zentyal.org/index.php?topic=26297.0

You will have to excuse my posts not having actual links in them.  I'm blind and can never find that insert hyperlink button LoL.  If you, or someone you know has vision problems check out The Tiki Lab.

jrtaylor

  • Zen Apprentice
  • *
  • Posts: 15
  • Karma: +2/-0
    • View Profile
Re: Zentyal 5.0 Comodo SSL
« Reply #3 on: February 15, 2017, 03:58:27 pm »
Thanks for the info. Apache was easy and that is working. I had that done before I posted. It's the dovecot/postfix part that I am having problems with. There is NO openchange in 5.0.x as of right now. 5.0.x is very different so nothing that is posted in the forums seems to work. I read over the doc's and I understand what the stubs files are for and do.

jrtaylor

  • Zen Apprentice
  • *
  • Posts: 15
  • Karma: +2/-0
    • View Profile
[SOLVED]Re: Zentyal 5.0 Comodo SSL
« Reply #4 on: February 15, 2017, 04:54:05 pm »
So here is what I did to get things to work and this will will survive an upgrade.

Code: [Select]
cp /usr/share/zentyal/stubs/mail/dovecot.conf.mas /etc/zentyal/stubs/mail/
nano /etc/zentyal/stubs/mail/dovecot.conf.mas

#my $certFile = '/etc/postfix/sasl/postfix.pem';
#my $keyFile  = '/etc/postfix/sasl/postfix.pem';
my $certFile = '/etc/ssl/certs/STAR_taylortelephone_com.crt';
my $keyFile  = '/etc/ssl/private/star_taylortelephone_com.key';

cp /usr/share/zentyal/stubs/mail/dovecot.conf.mas /etc/zentyal/stubs/mail
nano /etc/zentyal/stubs/mail/dovecot.conf.mas

#ssl_cert =</etc/dovecot/private/dovecot.pem
#ssl_key =</etc/dovecot/private/dovecot.pem
ssl_cert =</etc/ssl/certs/STAR_taylortelephone_com.crt
ssl_key =</etc/ssl/private/star_taylortelephone_com.key

nano /etc/apache2/sites-available/default-ssl.conf

                #SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
                #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
                SSLCertificateFile      /etc/ssl/certs/STAR_taylortelephone_com.crt
                SSLCertificateKeyFile   /etc/ssl/private/star_taylortelephone_com.key
                SSLCertificateChainFile /etc/ssl/certs/STAR_taylortelephone_com.ca-bundle

zs mail restart
systemctl restart apache2

« Last Edit: February 15, 2017, 06:08:12 pm by jrtaylor »

trysomething

  • Zen Warrior
  • ***
  • Posts: 119
  • Karma: +5/-0
  • Founder of The Tiki Lab
    • View Profile
    • The Tiki Lab | Bridging the gap between technology and vision impairment!
Re: [SOLVED] Zentyal 5.0 Comodo SSL
« Reply #5 on: May 03, 2017, 09:53:58 pm »
Finally got around to getting on this and that's awesome except that the 1st part where you put dovecot.conf.mas it should be main.conf.mas

Code: [Select]
cp /usr/share/zentyal/stubs/mail/main.cf.mas /etc/zentyal/stubs/mail/
nano /etc/zentyal/stubs/mail/main.cf.mas

#my $certFile = '/etc/postfix/sasl/postfix.pem';
#my $keyFile  = '/etc/postfix/sasl/postfix.pem';
my $certFile = '/etc/ssl/certs/TIKI7.crt
my $keyFile  = '/etc/ssl/certs/TIKI7.key

You will have to excuse my posts not having actual links in them.  I'm blind and can never find that insert hyperlink button LoL.  If you, or someone you know has vision problems check out The Tiki Lab.

chichomr

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: [SOLVED] Zentyal 5.0 Comodo SSL
« Reply #6 on: July 05, 2017, 01:07:14 pm »
Hello All,

I recently upgraded my Zentyal box to 5.0 and it was working fine until now that the certificate expired. I followed the instructions laid above, but when I try to restart the mail service it fails.

I'm new to linux, any help on where are the logs so I can check why is it failing for me?

on dovecot:
ssl_cert =</etc/ssl/certs/emailzentyal_mobilesv_com.crt
ssl_key =</etc/ssl/certs/emailzentyal_mobilesv_com.key

on main:
my $certFile = '/etc/ssl/certs/emailzentyal_mobilesv_com.crt';
my $keyFile = '/etc/ssl/certs/emailzential_mobilesv_com.key';

on apache:
SSLCertificateFile   /etc/ssl/certs/emailzentyal_mobilesv_com.crt
SSLCertificateKeyFile   /etc/ssl/certs/emailzentyal_mobilesv_com.key   
SSLCertificateChainFile /etc/ssl/certs/mobilesv_com.crt

Thank you .

dunwan

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: [SOLVED] Zentyal 5.0 Comodo SSL
« Reply #7 on: January 17, 2019, 09:18:34 pm »
2019 and these instructions worked perfect (@chichomr with the update from @trysomething -- thanks guys)

cp /usr/share/zentyal/stubs/mail/main.cf.mas /etc/zentyal/stubs/mail/
nano /etc/zentyal/stubs/mail/main.cf.mas

#my $certFile = '/etc/postfix/sasl/postfix.pem';
#my $keyFile  = '/etc/postfix/sasl/postfix.pem';
my $certFile = '/etc/ssl/certs/STAR_taylortelephone_com.crt';
my $keyFile  = '/etc/ssl/private/star_taylortelephone_com.key';

cp /usr/share/zentyal/stubs/mail/dovecot.conf.mas /etc/zentyal/stubs/mail
nano /etc/zentyal/stubs/mail/dovecot.conf.mas

#ssl_cert =</etc/dovecot/private/dovecot.pem
#ssl_key =</etc/dovecot/private/dovecot.pem
ssl_cert =</etc/ssl/certs/STAR_taylortelephone_com.crt
ssl_key =</etc/ssl/private/star_taylortelephone_com.key

nano /etc/apache2/sites-available/default-ssl.conf

                #SSLCertificateFile     /etc/ssl/certs/ssl-cert-snakeoil.pem
                #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
                SSLCertificateFile      /etc/ssl/certs/STAR_taylortelephone_com.crt
                SSLCertificateKeyFile   /etc/ssl/private/star_taylortelephone_com.key
                SSLCertificateChainFile /etc/ssl/certs/STAR_taylortelephone_com.ca-bundle

zs mail restart
systemctl restart apache2

** restarting mail and apache did not work for me, got a permission error. Rebooting the machine (VM running on Hyper-V did the trick

 

mailcat