How to Install SSL Certificate on Zimbra version 5, 6, 7 & 8 Server

Solution ID:    SO20541    Updated:    11/23/2015

Solution

This document provides installation instructions for Zimbra server. If you are not able to perform the steps on the server, Symantec recommends that you contact Zimbra vendor.
 

Step 1: Obtain the SSL Certificate

  1. Download the server certificate and Intermediate CA certificate
    1. Symantec Trust Center Enterprise.  Please select "Other" as the server platform.  You will receive the server certificate and Intermediate CA certificate with a .ZIP file.
    2. Symantec Trust Center.  Please select "Other" as the server platform.  You will receive the server certificate and Intermediate CA certificate with a .ZIP file.
    3. Certificates purchased though Partners.  Please select "X.509" as the format and also download the Additional Certificate as this is the Intermediate CA.


To install the SSL Certificate on Zimbra server, perform one of the following methods:

Method 1. Install the SSL certificate using Command Line Interface (CLI)

Step 1. Download the Symantec Root CA

  1. Download the Symantec Root CA certificate.  Save Root CA certificate file (e.g. /tmp/ca.crt)
  2. Move the Intermediate and Root certificates to the same directory. (e.g. /tmp/ca_intermediate.crt)
  3. Combine Root and Intermediate CA files into a temporary file using cat command
     
    cat /tmp/ca.crt /tmp/Intermediate_CA.crt > /tmp/ca_chain.crt


Step 2. Install the SSL Certificate

  1. Verify the ssl certificate with the following zmcertmgr command
     
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
    **Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/commercial.crt) and private key
    (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmp/commercial.crt: OK


    NOTE: The private key (e.g. /opt/zimbra/ssl/zimbra/commercial/commerical.key) is created on the Zimbra server .
    If the private key no longer exist on the server, a new CSR will have to be generated and submit a certificate replacement.
     
  2.  To deploy the ssl certificate, run the following zmcertmgr command.
     
    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt ** Verifying /tmp/commercial.crt against
    /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/commercial.crt) and private key
    (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmpt/commercial.crt: OK
    **Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    **Appending ca chain /tmp/ca_chain.crt to
    /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    **Saving server config key zimbraSSLCeretificate…done.
    **Saving server config key zimbraSSLPrivateKey…done.
    **Installing mta certificate and key…done.
    **Installing slapd certificate and key…done.
    **Installing proxy certificate and key…done.
    **Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
    **Creating keystore file /opt/zimbra/mailbox/etc/keystore…done.
    **Installing CA to /opt/zimbra/conf/ca…done.




     
  3. To verify if the ssl certificate has been successfully deployed. Run the following zmcertmgr command.
     
    /opt/zimbra/bin/zmcertmgr viewdeployedcrt


    For more information on Zimbra server using CLI commands click here



Method 2 Install the SSL Certificate through the Admin Console

  1. Download the Symantec Root Certificate Authority (CA) Certificate and save the file as root.ca file in Notepad.
     
  2. Download the server certificate and Intermediate CA certificate
    1. Symantec Trust Center Enterprise.  Please select "Other" as the server platform.  You will receive the server certificate and Intermediate CA certificate with a .ZIP file.
    2. Symantec Trust Center.  Please select "Other" as the server platform.  You will receive the server certificate and Intermediate CA certificate with a .ZIP file.
    3. Certificates purchased though Partners.  Please select "X.509" as the format and also download the Additional Certificate as this is the Intermediate CA.
       
  3. Go back to Admin Console and launch the Install Certificate wizard, choose the Install the commercially signed certificate. 
    When you are prompted to upload the certificate, select ssl_certificate.crt as Certificate, root.ca as Root CA, and Intermediate_CA.crt as Intermediate CA.
     
  4. Click Next then Install.  Your Commercial Certificate will be installed successfully.
     
  5. Restart the Zimbra server.
     
  6. Verify your installation with the Symantec CryptoReport

 

Disclaimer:

RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Find Answers


Search Tips