In my workplaces is a Zimbra Authorized Partners offering Zimbra Mail Server visit maintenance or remote service.

One of favorite service of PT Excellent Infotama Kreasindo is Zimbra VPS Cloud, where client can using their email server for company without Investing a Hardware and Email Administrator, because the server will be handled professionaly with us. If client have a obstacle with server, the team support will be happy for help.

And i was one of the support team for the service. Every order comes, I demanded to be faster in the setup. One of the trick, i made a simple bash script for Generate Zimbra SSL (CSR) Certificate.

Refers to Zimbra Wiki, the command for Generate CSR are :

Single Domain

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=ID/ST=Jawa Barat/L=Bekasi/O=PT Excellent Infotama Kreasindo/OU=IT/CN=mail.excellent.co.id" -subjectAltNames mail.excellent.co.id

Multi Domain (UCC)

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=ID/ST=Jawa Barat/L=Bekasi/O=PT Excellent Infotama Kreasindo/OU=IT/CN=mail.excellent.co.id" -subjectAltNames mail.excellent.co.id,mail.dhenandi.web.id,www.fiqmanaufal.com

Wildcard Domain

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=ID/ST=Jawa Barat/L=Lokasi/O=PT Excellent Infotama Kreasindo/OU=IT/CN=*.dhenandi.web.id"

With the command, i had to change one by one for the Certificate identity by directing mouse or keyboard to the each of field, so lazy 😀 At least, with my simple script, i can fill the field with Just Hit the “Enter” key :-P.

Okay, you can test the script with download it. First, login into your Zimbra Server with SSH,  download the script with wget or w3m,  change the permissions, then Execute the script and you just fill one by one the field.

Finally, the script will be automaticaly generate CSR according the value. Here :

wget -c https://dhenandi.com/repo/automaticaly-generate-csr-zimbra.sh
chmod +x automaticaly-generate-csr-zimbra.sh
./automaticaly-generate-csr-zimbra.sh

Screen shoot :

ssl-auto

Okay, If you have any further information on this script. Pleaseee, fell free to contact me, Thank You 😉

UPDATE ZIMBRA 8.7!!!

If you using zimbra 8.7 , you must run it by zimbra user.

chown -R zimbra:zimbra automaticaly-generate-csr-zimbra.sh
su - zimbra
./automaticaly-generate-csr-zimbra.sh

Dhenandi Putra

Hi, I'm dhenandi, Mac and openSUSE user. An office boy, typist, and man behind this blog. I also write on another blog https://dhenandi.web.id/ in Bahasa Indonesia.

1 Comment

Eddie InfoSec · February 11, 2019 at 9:45 pm

Thanks for your script, but i would need to integrate the CSR from CloudFlare to my server ( mail.domain.tld ), as i’m using already the same CSR for the same domain.tld

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.