How to Install SSL Certificate on Zimbra version 5, 6, 7 & 8 Server

Step 1: Obtain the SSL Certificate

Please click here to download the certificate from your account

To install the SSL Certificate on Zimbra server, perform one of the following methods:

Method 1. Install the SSL certificate using Command Line Interface (CLI)

Step 1. Download the Root CA

1. Download the Root and Intermediate certificate from here. Save Root CA certificate file (e.g. /tmp/ca.crt)
2. Move the Intermediate and Root certificates to the same directory. (e.g. /tmp/ca_intermediate.crt)
3. Combine Root and Intermediate CA files into a temporary file using cat command
   
    
   cat /tmp/ca.crt /tmp/Intermediate_CA.crt > /tmp/ca_chain.crt

Step 2. Install the SSL Certificate

1. Verify the ssl certificate with the following zmcertmgr command
   
    
   /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
**Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key
(/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
   
   
   
   
   NOTE: The private key (e.g. /opt/zimbra/ssl/zimbra/commercial/commerical.key) is created on the Zimbra server .
   
   If the private key no longer exist on the server, a new CSR will have to be generated and submit a certificate replacement.
   

1.  To deploy the ssl certificate, run the following zmcertmgr command.
   
    
   /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt ** Verifying /tmp/commercial.crt against
/opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key
(/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmpt/commercial.crt: OK
**Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
**Appending ca chain /tmp/ca_chain.crt to
/opt/zimbra/ssl/zimbra/commercial/commercial.crt
**Saving server config key zimbraSSLCeretificate…done.
**Saving server config key zimbraSSLPrivateKey…done.
**Installing mta certificate and key…done.
**Installing slapd certificate and key…done.
**Installing proxy certificate and key…done.
**Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
**Creating keystore file /opt/zimbra/mailbox/etc/keystore…done.
**Installing CA to /opt/zimbra/conf/ca…done.
   
   
   
   
   
   
   
   
    
2. To verify if the ssl certificate has been successfully deployed. Run the following zmcertmgr command.
   
    
   /opt/zimbra/bin/zmcertmgr viewdeployedcrt
   
   
   
   
   For more information on Zimbra server using CLI commands click here
   

Method 2 Install the SSL Certificate through the Admin Console

1) Download the Root certificate from here

2)Download the server and intermediate certificate from here 

1. Go back to Admin Console and launch the Install Certificate wizard, choose the Install the commercially signed certificate. 
   When you are prompted to upload the certificate, select ssl_certificate.crt as Certificate, root.ca as Root CA, and Intermediate_CA.crt as Intermediate CA.
    
2. Click Next then Install.  Your Commercial Certificate will be installed successfully.