Optimizing and securing Zimbra Open Source Edition

The next commands are used to optimize and secure my Zimbra Collaboration 8.8 Open Source Edition (executed as user zimbra in the CLI): zmdhparam set -new 3072 zmprov mcf zimbraMtaSmtpTlsMandatoryCiphers high zmprov mcf zimbraMtaSmtpdTlsMandatoryCiphers high zmprov mcf zimbraMtaSmtpdTlsCiphers high zmlocalconfig -e postfix_enable_smtpd_policyd=yes zmprov mcf zimbraMtaEnableSmtpdPolicyd TRUE zmprov mcf +zimbraMtaRestriction “check_policy_service unix:private/policy” zmprov mcf zimbraMtaSmtpTlsSecurityLevel may […]

openssl pkcs12 export to ‘/opt/zimbra/ssl/zimbra/jetty.pkcs12’ failed(1)

When you encounter the following error: ** Creating file ‘/opt/zimbra/ssl/zimbra/jetty.pkcs12’ERROR: openssl pkcs12 export to ‘/opt/zimbra/ssl/zimbra/jetty.pkcs12’ failed(1):unable to load certificates140665143981720:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:805: Do this (when for example having all the certs temporarily stored in /tmp/): chown zimbra:zimbra /tmp/*.crt chmod 666 /tmp/*.crt Source: https://forums.zimbra.org/viewtopic.php?t=60189

Switch from Certbot to acme.sh

I normally use Certbot to issue and install the free Let’s Encrypt certificates. But I haven’t found a, or there is no, convenient way to issue ECC-certificates with Certbot. For that reason I switched from Certbot to acme.sh. With acme.sh I can generate ECC certificates, without having to generate all kinds of extra files before […]