Site icon SSL.com

Installing an SSL Certificate in Zimbra

Installing an SSL Certificate from SSL.com in Zimbra can be easy and fun!  You can install your certificate via the command line interface (CLI) or the Admin Console:

Command Line Interface

Pro-tip: Be sure that you replace your_domain_tld.crt and your_domain_tld.ca-bundle with the actual files names that correspond to your order:
  1. Download the WHM/cPanel formatted certificate bundle from your account at SSL.com.
  2. Place the bundle on your Zimbra server and expand it; there should be two files inside: your_domain_tld.crt and your_domain_tld.ca-bundle.
  3. Place your_domain_tld.crt in /tmp/commercial.crt:
    cp your_domain_tld.crt /tmp/commercial.crt
  4. Place your_domain_tld.ca-bundle in /tmp/commercial_ca.crt:
    cp your_domain_tld.ca-bundle /tmp/commercial_ca.crt
  5. Verify that the signed SSL Certificate, Intermediate Chain / CA-Bundle, and the private key all match:
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/commercial_ca.crt

    You should see results similar to this:

    ** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmp/commercial.crt: OK

    If you receive an error here you must stop and be sure that the certificate that you are installing was created from a CSR built from the private key saved in /opt/zimbra/bin/commercial/commercial.key.

  6. Deploy the signed certificate from SSL.com by using zmcertmgr as root:
    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt

    A successful installation will produce output similar to this:

    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
    ** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmp/commercial.crt: OK
    ** Copying /tmp/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /tmp/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
    ** NOTE: mailboxd must be restarted in order to use the imported certificate.
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
  7. Finally, restart the Zimbra Service.
    zmcontrol restart

That’s it! You’ve successfully installed a digital security certificate in Zimbra.

Admin Console

Pro tip: If you are using the Zimbra Admin Console to install the certificate, then download and extract the “Other platforms” certificate bundle of your SSL Certificate. This bundle has the component certificate files that can be individually installed using the GUI.
  1. In the Zimbra Administration section, go to Home > Configure > Certificates and click Install Certificate.
  2. Select the target server where the SSL Certificate will be installed; select next.
  3. Select the option “Install the commercial signed certifcate“; click next.
  4. Review the CSR information; click next when ready.
  5. Add the files as follows:
    • Certificate: your_domain_tld.crt
    • Root CA: SSL_COM_ROOT_CERTIFICATION_AUTHORITY_RSA.crt
    • Intermediate CA: SSL_COM_RSA_SSL_SUBCA.crt
  6. Select the Install button when complete; the certificate will be installed.
  7. Restart Zimbra from the command line interface:
    zmcontrol restart
  8. That’s it! You can now return to the Admin Console and View the Installed Certificate.
Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.
Exit mobile version