How to Install SSL Certificate on Zimbra version 5, 6, 7 & 8 Server

Dec 26, 2016

This document provides installation instructions for Zimbra server. If you are not able to perform the steps on the server, Symantec recommends that you contact Zimbra vendor.

 

Step 1: Obtain the SSL Certificate

 

 

Please click here to download the certificate from your account

 

To install the SSL Certificate on Zimbra server, perform one of the following methods:

 

Method 1. Install the SSL certificate using Command Line Interface (CLI)

Step 1. Download the Root CA

  1. Download the Root and Intermediate certificate from here. Save Root CA certificate file (e.g. /tmp/ca.crt)
  2. Move the Intermediate and Root certificates to the same directory. (e.g. /tmp/ca_intermediate.crt)
  3. Combine Root and Intermediate CA files into a temporary file using cat command
     
    cat /tmp/ca.crt /tmp/Intermediate_CA.crt > /tmp/ca_chain.crt

Step 2. Install the SSL Certificate

  1. Verify the ssl certificate with the following zmcertmgr command
     
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
    **Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/commercial.crt) and private key
    (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmp/commercial.crt: OK


    NOTEThe private key (e.g. /opt/zimbra/ssl/zimbra/commercial/commerical.key) is created on the Zimbra server .
    If the private key no longer exist on the server, a new CSR will have to be generated and submit a certificate replacement.
  1.  To deploy the ssl certificate, run the following zmcertmgr command.
     
    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt ** Verifying /tmp/commercial.crt against
    /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/commercial.crt) and private key
    (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmpt/commercial.crt: OK
    **Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    **Appending ca chain /tmp/ca_chain.crt to
    /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    **Saving server config key zimbraSSLCeretificate…done.
    **Saving server config key zimbraSSLPrivateKey…done.
    **Installing mta certificate and key…done.
    **Installing slapd certificate and key…done.
    **Installing proxy certificate and key…done.
    **Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
    **Creating keystore file /opt/zimbra/mailbox/etc/keystore…done.
    **Installing CA to /opt/zimbra/conf/ca…done.




     
  2. To verify if the ssl certificate has been successfully deployed. Run the following zmcertmgr command.
     
    /opt/zimbra/bin/zmcertmgr viewdeployedcrt


    For more information on Zimbra server using CLI commands click here

Method 2 Install the SSL Certificate through the Admin Console

 

1) Download the Root certificate from here

 

2)Download the server and intermediate certificate from here 

 

  1. Go back to Admin Console and launch the Install Certificate wizard, choose the Install the commercially signed certificate. 
    When you are prompted to upload the certificate, select ssl_certificate.crt as Certificate, root.ca as Root CA, and Intermediate_CA.crt as Intermediate CA.
     
  2. Click Next then Install.  Your Commercial Certificate will be installed successfully.
     

 

Have any Questions

If you have any questions, feel free to call us