Zentyal Forum, Linux Small Business Server

Zentyal Server => Contributions / Tips&Tricks / Features Requests => Topic started by: wvanelten on January 15, 2016, 11:09:24 am

Title: [Feature Request] Use your own (wildcard) SSL certificates
Post by: wvanelten on January 15, 2016, 11:09:24 am
Hi there,

Planned on using Zentyal as replacement of our SBS 2008.

One thing I'm missing and struggling with to get it working is:

We have a wildcard SSL certificate.
I want to use that certificate in zentyal, for the webmin, webmail, e-mail and so on.
However, there is no import button for this.
And replacing the files with my own file works, for a moment. Then it gets replaced with the zentyal ones.

Please make it possible to import and use our own certificates.

ps. using Zentyal 4.2.1.3
Title: Re: [Feature Request] Use your own (wildcard) SSL certificates
Post by: trysomething on March 04, 2016, 12:04:23 pm
Well I'll save you a TON of hair pulling and headache on this one.  It's really pretty simple :-)
1.  Make 2 directories "mkdir -p /etc/zentyal/stubs" THEN "mkdir -p /etc/zentyal/stubs/openchange"
2.  Set permissions on both like "chmod o+x /etc/zentyal/stubs" THEN "chmod o+x /etc/zentyal/stubs/openchange"
3.  Copy the Openchange stub like "cp /usr/share/zentyal/stubs/openchange/apache-ocsmanager.conf.mas /etc/zentyal/stubs/openchange"
4.  Now edit your .mas file "nano /etc/zentyal/stubs/openchange/apache-ocsmanager.conf.mas", scroll down until you see where it says "sslengine on", under that is a pointer to the self signed SSL, delete that line out.  Depending on your certificate it may differ, but let's say you have "example.com.crt", "example.com.key" and "example.com.ca-bundle" (Comodo does the ca-bundle now it's great!).  You're going to have to point to those files like this:
     SSLCertificateFile /etc/apache2/certs/example.com.crt
     SSLCertificateKeyFile /etc/apache2/certs/example.com.key
     SSLCACertificateFile /etc/apache2/certs/example.com.ca-bundle
Edit the names and locations obviously to fit your environment and save/close the file.
5.  Make a directory (like above) "mkdir -p /etc/apache2/certs"
6.  If you're going to upload via SFTP set permissions for RWX like "chmod 0777 /etc/apache2/certs", upload your files and then fix permissions to match the original certificate store - I think it's something like 0744 or 0644 you'll have to check on that one.
7.  Now restart Openchange like "service zentyal openchange restart" and as long as it says OK you're officially rocking the Wildcard SSL!

To help get rid of more headaches you can go check out my page I've dedicated to Zentyal 4+ on my website at http://thetikilab.com/zentyal.html - It's constantly growing too so there's almost always something new on the thing LoL.
OH yeah, for the record Zentyal does NOT support the import of PST files.  It can and likely will legit crash the Samba and Openchange quicker than you'd imagine.  There's some info about using an IMAP transfer tool to migrate mailboxes gracefully.  Then you've just gotta figure out how to drop everyone's Contacts into an LDIF or Vcard file and calendars into an Ical file to import via the webmail.  I've actually had some success just opening a PST that is offline and copying my contacts into my current user account without incident, but it's DEFINITELY something you need to be aware of.  That bit screwed me up for a month LoL.
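
Added example, not part of the thread or of Zentyal: a check to run after the upload in step 6 and before the restart in step 7. It confirms the certificate directory is no longer group- or world-writable, the private key is owner-only, and the key belongs to the certificate. The function names and the mode rules (no 022 bits on the directory, no 077 bits on the key) are assumptions of this example; the file names follow the example.com naming from step 4.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate files before restarting.
# The mode rules below are assumptions of this example, not Zentyal requirements.

# Octal mode of a path: GNU stat first, BSD stat as fallback.
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# 0 if directory $1 is not group/world-writable and key $2 is owner-only.
perms_ok() {
    p_dir=$(mode_of "$1") || return 2
    p_key=$(mode_of "$2") || return 2
    if [ $((0$p_dir & 022)) -ne 0 ]; then
        echo "FAIL: $1 is mode $p_dir (writable by group/other)"; return 1
    fi
    if [ $((0$p_key & 077)) -ne 0 ]; then
        echo "FAIL: $2 is mode $p_key (key exposed to group/other)"; return 1
    fi
}

# 0 if certificate $1 and private key $2 carry the same public key,
# 1 if they differ, 2 if either file cannot be parsed.
key_matches_cert() {
    k_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$k_crt" = "$k_key" ]
}

# Run both checks for base name $2 inside directory $1.
check_cert_store() {
    perms_ok "$1" "$1/$2.key" || return 1
    key_matches_cert "$1/$2.crt" "$1/$2.key" || {
        echo "FAIL: $2.key does not match $2.crt"; return 1
    }
    echo "OK: $1/$2.crt and $2.key"
}

# Usage: sh check-certs.sh /etc/apache2/certs example.com
if [ $# -eq 2 ]; then check_cert_store "$1" "$2"; fi
```

Apache reads the key as root at startup, so a root-owned key with mode 0600 is sufficient for the service to start.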