Jason Parms

As a collaborative software, Zimbra involves email server and web client along with this software allows users to keep control of their server security and privacy. The software consists of client components, server components and desktop client.

In this article, we will focus on installation of SSL certificate on Zimbra, which is a software suite comprising an email server, desktop client, and web client components. Following below steps that will help you to install SSL certificate on Zimbra.

Generate the CSR:

Before installing an SSL certificate on your Zimbra server, you must need certificate signing request (CSR). Follow the instructions to generate a CSR on Zimbra.

  • Login into Zimbra as a root privilege and provide information in following example command. /opt/zimbra/bin/zmcertmgr createcsr comm -new “/C=US/ST=Utah/L=Lehi/O=Company Inc/OU=Department/CN=your.domain.com”

   Where:

Information Description Examples
CN Common Name www.example.com
shop.example.com
*.example.com
O Organization Name BusinessName LLC
OU Department IT Department
L City/Locality Forest Hills
ST State/Province New York
C Two digit country code US
  • After running the above command, you will get CSR at location: /opt/zimbra/ssl/zimbra/commercial/commercial.csr

Extract and store the certificates:

Once you complete the SSL certificate process, the SSL provider sends a zip file on your email address. Extract all three certificates: Root certificate, Intermediate certificate and the Primary certificate and store all three files on the selected server location.

Create PEM File:

To create PEM file, combine all these three files. Copy & paste the content of the data in a new text file with name “commercial.crt”.

Note: Please note that you must copy and paste the files in sequence like primary certificate (your_domain_name.crt), intermediate certificate (your CA.crt) and root certificate (trustedroot.crt). Add BEGIN, and END tags in the certificate content.

Install Certificate:

  • Find “commercial.crt” file on “/opt/zimbra/ssl/zimbra/commercial/” and open it with text editor.
  • Open primary certificate file (your_domain_name.crt), copy & paste the content in “commercial.crt” file.
  • Open the intermediate and root certificate files, copy & paste the content in a new file named “commercial_ca.crt” and save it at “/opt/zimbra/ssl/zimbra/commercial/”.
  • The output of “commercial.crt” text files will look like this:
-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Root certificate) 
-----END CERTIFICATE----- 

Validate the Certificate Chain:

Now you have to run the following command to confirm the certificate chain.

/opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt commercial.crt

Enable New Certificate:

Once your certificate chain is validated, you have to enable your SSL certificate with the following command.

/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt

Once an SSL certificate is configured on your Zimbra Server, you should check the certificate information using our SSL certificate installation checker tool that will help you to analyze SSL issues.

Useful Resource:

Zimbra SSL Installation Instructions for Self-Signed or Commercial Certificate.