Installing an SSL Certificate in Zimbra

Installing an SSL Certificate from in Zimbra can be easy and fun!  You can install your certificate via the command line interface (CLI) or the Admin Console:

Command Line Interface

Pro-tip: Be sure that you replace your_domain_tld.crt and with the actual files names that correspond to your order:
  1. Download the WHM/cPanel formatted certificate bundle from your account at
  2. Place the bundle on your Zimbra server and expand it; there should be two files inside: your_domain_tld.crt and
  3. Place your_domain_tld.crt in /tmp/commercial.crt:
    cp your_domain_tld.crt /tmp/commercial.crt
  4. Place in /tmp/commercial_ca.crt:
    cp /tmp/commercial_ca.crt
  5. Verify that the signed SSL Certificate, Intermediate Chain / CA-Bundle, and the private key all match:
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/commercial_ca.crt

    You should see results similar to this:

    ** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate ( and private key ( match.
    Valid Certificate: /tmp/commercial.crt: OK

    If you receive an error here you must stop and be sure that the certificate that you are installing was created from a CSR built from the private key saved in /opt/zimbra/bin/commercial/commercial.key.

  6. Deploy the signed certificate from by using zmcertmgr as root:
    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt

    A successful installation will produce output similar to this:

    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
    ** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate ( and private key ( match.
    Valid Certificate: /tmp/commercial.crt: OK
    ** Copying /tmp/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /tmp/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
    ** NOTE: mailboxd must be restarted in order to use the imported certificate.
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
  7. Finally, restart the Zimbra Service.
    zmcontrol restart

That’s it! You’ve successfully installed a digital security certificate in Zimbra.

Admin Console

Pro tip: If you are using the Zimbra Admin Console to install the certificate, then download and extract the “Other platforms” certificate bundle of your SSL Certificate. This bundle has the component certificate files that can be individually installed using the GUI.
  1. In the Zimbra Administration section, go to Home > Configure > Certificates and click Install Certificate.
  2. Select the target server where the SSL Certificate will be installed; select next.
  3. Select the option “Install the commercial signed certifcate“; click next.
  4. Review the CSR information; click next when ready.
  5. Add the files as follows:
    • Certificate: your_domain_tld.crt
    • Intermediate CA: SSL_COM_RSA_SSL_SUBCA.crt
  6. Select the Install button when complete; the certificate will be installed.
  7. Restart Zimbra from the command line interface:
    zmcontrol restart
  8. That’s it! You can now return to the Admin Console and View the Installed Certificate.
Thank you for choosing! If you have any questions, please contact us by email at, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Subscribe To’s Newsletter

Don’t miss new articles and updates from

Stay Informed and Secure is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.