- Download the WHM/cPanel formatted certificate bundle from your account at SSL.com.
- Place the bundle on your Zimbra server and expand it; there should be two files inside:
cp your_domain_tld.crt /tmp/commercial.crt
cp your_domain_tld.ca-bundle /tmp/commercial_ca.crt
- Verify that the signed SSL Certificate, Intermediate Chain / CA-Bundle, and the private key all match:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/commercial_ca.crt
You should see results similar to this:
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
If you receive an error here you must stop and be sure that the certificate that you are installing was created from a CSR built from the private key saved in
- Deploy the signed certificate from SSL.com by using:
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
A successful installation will produce output similar to this:
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
** Copying /tmp/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /tmp/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
- Finally, restart the Zimbra Service.
That’s it! You’ve successfully installed a digital security certificate in Zimbra.
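The verification step above checks that the private key, the certificate and the CA bundle belong together. The script below performs the same kind of check with plain openssl, which helps when zmcertmgr reports a mismatch and you need to know which file is wrong. It is an added example, not SSL.com's or Zimbra's code and not a reproduction of zmcertmgr's internals. The function names, the file name preflight.sh and the throwaway test PKI are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not SSL.com's or Zimbra's code): pre-flight checks with plain
# openssl on the same three files that `zmcertmgr verifycrt comm` takes.

# Succeeds only if the certificate carries the public key of this private key.
# Compares public keys rather than RSA moduli, so EC keys work as well.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if the certificate chains to the CA bundle.
chain_verifies() {  # usage: chain_verifies CERT CA_BUNDLE
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Runs both checks and reports which one failed.
preflight() {  # usage: preflight KEY CERT CA_BUNDLE
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $1 and $2 do not match (or cannot be read)"; return 1; }
    chain_verifies "$2" "$3" ||
        { echo "FAIL: $2 does not chain to $3"; return 1; }
    echo "OK: key, certificate and CA bundle agree"
}

# Builds a throwaway CA, a leaf issued by it, and an unrelated key in DIR
# (all constructed test data) so the checks can be tried offline.
make_test_pki() {  # usage: make_test_pki DIR
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
          -subj "/CN=Constructed Test CA" -days 1 2>/dev/null &&
      openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
          -subj "/CN=mail.example.test" 2>/dev/null &&
      openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
          -out leaf.crt -days 1 2>/dev/null &&
      openssl genrsa -out other.key 2048 2>/dev/null )
}

# With three arguments, check real files, e.g. on the Zimbra server:
#   sh preflight.sh /opt/zimbra/ssl/zimbra/commercial/commercial.key \
#       /tmp/commercial.crt /tmp/commercial_ca.crt
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A key mismatch means the certificate was issued from a CSR made with a different private key; a chain failure points at the CA bundle file instead.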
- In the Zimbra Administration section, go to Home > Configure > Certificates and click Install Certificate.
- Select the target server where the SSL Certificate will be installed; select next.
- Select the option “Install the commercial signed certificate”; click next.
- Review the CSR information; click next when ready.
- Add the files as follows:
- Root CA:
- Intermediate CA:
- Select the Install button when complete; the certificate will be installed.
- Restart Zimbra from the command line interface:
- That’s it! You can now return to the Admin Console and View the Installed Certificate.