Page 1 of 1

Scalix 12.6 and Commercial SSL Certificate

Posted: Sun Mar 05, 2017 12:47 am
by mgarserver
Hi all,
I have installed Scalix 12.6
All is Ok.
Now I would like to use a Commercial SSL Certificate to replace the self-generated SSL for both SAC and SWA.
I have read all Scalix 12.6 documentation and Wiki and could not find information about it.

Is it possible to use a Commercial SSL Certificate to replace the self-generated SSL for both SAC and SWA?

Any feedback, help assistance will be appreciated.

Thanks,

Martin

Re: Scalix 12.6 and Commercial SSL Certificate

Posted: Mon Mar 06, 2017 7:58 am
by ScalixSupport
Hello Martin,

Actually this should be done in the same way as for self signed ssl, you just need to have ssl generated by registrar instead.

In general the way is next:

1. On scalix server create server private key and csr:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.com.key -out yourdomain.com.csr

2. Use that yourdomain.com.csr while purchasing ssl cert from your ssl authority.

3. Once you get cert form authority, (usualy it's .crt file and ca-bundle file). Upload them to scalix server.

4. On scalix server side change configuration files for swa/sac:
find your instance-<scalix-server-hostname>.conf files in /etc/opt/scalix-tomcat/connector/jk and /etc/opt/scalix-tomcat/connector/ajp
In virtualhost section for port :443 change the path to your certificates accordingly. It should look like:
...
SSLCertificateFile /etc/pki/tls/certs/yourdomain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/yourdomain.com.key
SSLCertificateChainFile /etc/pki/tls/certs/yourdomain.com.ca-bundle
...
5. Restart tomcat with command like "service scalix-tomcat restart".