Matt Pson Just another dead sysadmin blog

6Feb/13Off

Install a SSL certificate on Zimbra 8

The quickest guide ever, follow it at your own risk (your mileage may vary etc.). This is how I did it (IIRC), as root:

# openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr

 

(then off to buy me a SSL certificate from some trustworthy provider ...or, as in my case, one that gives you a great deal. what I go back was 2 files; a certificate (.crt) and a bundle (ca-bundle) to provide a certificate chain for authentication)

 

# cp server.key /opt/zimbra/ssl/zimbra/commercial/commercial.key
# cp server.crt /opt/zimbra/ssl/zimbra/commercial/commercial.crt
# cp server.ca-bundle /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
# /opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt commercial.crt

(if the last step fail and give any error message you probably have an incomplete bundle. download a more complete one (you may have to merge the files yourself) from the SSL provider)

# /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt


(this deploys the certificate into Zimbra. Now just restart Zimbra to activate it all across the board)

# su - zimbra
$ zmcontrol stop
$ zmcontrol start

 

There, done.

6Feb/13Off

Moving to Zimbra 8 (and the 24 hour clock)

I recently took some decisions that gave me a most needed kick in the behind to upgrade/replace things that has been in my personal infrastructure for ages. Among those things was my mailserver that even in early 2013 was running pretty much the same Qmail installation I made back in 2005 (which in turn was based upon the 2002/2003 one I did at work).

Three fundamental things has changed since 2005:

  1. I'm 100% more convenient today and really into less work on simple things so I can direct my attention to things that are fun and requires creative thinking - ie. not fiddling with compiling my own mailserver.
  2. I'm 1000% more mobile in my usage of mail and Internet. In 2005 I probably read all my mail sitting at a computer using some kind of mail client (Alpine or Thunderbird). Today it's 99% in my mobile phone  my tablet or in a web browser  I'm also an frequent user of a calendar - that I blame on my bad memory. I think the people around appreciates that I can almost remember half a appointment these days.
  3. There is 10000% (figure not statistically proven but it feels like it) more spam hitting my mailbox that needs dealing with and that doesn't even make my top 500000 list of fun things to do.

zimbraPutting my experiences from a recent VMware Zimbra project at work I decided that the Open Source Edition was probably overkill for me but yet I wanted the standard features (works on all my devices, uses SSL, low cost since it's for personal use) plus a nice  adminstration panel and the (really) excellent webmail client.

So, off to one of my favourite VPS providers and signed up for a new 2GB RAM server, downloading Zimbra, purchasing a proper SSL certificate (got a nice deal on a 5-year one, no need to update until 2018) and spent about 2 hours installing everything. Compared to poking around with my previous installation this was probably about half the time spent. Instant success!

Thanks to VMware for improving the installation experience in Zimbra 8 compared to Zimbra 6 or 7 that was a bit dodgy at times, especially when installing a SSL certificate. I can really recommned Zimbra 8 if you are a little experienced and know your way around a normal Linux system and don't want to spend time on getting mailserver, antispam, webbmail, calendar and some kind of control panel to play nicely together. Just be aware of that it needs more than 1GB of RAM to run smoothly even in a minimal installation these days.

The only thing that kept bugging me using the webmail was that I couldn't find any setting to change the, for us Europeans  confusing AM/PM clock. The metric system is used in most of the world except a handful of countries  yet so much software assumes everybody uses it by default. To change it in Zimbra you have to change language from the default "English (United States)" to "English (United Kingdom)". Doh! Why not a simple choice that lets you pick either "12 hours" or "24 hours"? There is also a choice "English (Australia)" but who knows what time format you get then (I didn't dare to try).

(this last thing was a post in the use-the-blog-as-a-external-memory category)