How to Install SSL Certificate on Zimbra version 5, 6, 7 & 8 Server

Solution ID:    SO20541    Updated:    11/23/2015

Solution

This document provides installation instructions for the Zimbra server. If you are unable to perform these steps on the server, Symantec recommends that you contact your Zimbra vendor.
 

Step 1: Obtain the SSL Certificate

  1. Download the server certificate and Intermediate CA certificate
    1. Symantec Trust Center Enterprise. Select "Other" as the server platform. You will receive the server certificate and Intermediate CA certificate in a .ZIP file.
    2. Symantec Trust Center. Select "Other" as the server platform. You will receive the server certificate and Intermediate CA certificate in a .ZIP file.
    3. Certificates purchased through Partners. Select "X.509" as the format and also download the Additional Certificate, as this is the Intermediate CA.


To install the SSL Certificate on Zimbra server, perform one of the following methods:

Method 1. Install the SSL certificate using Command Line Interface (CLI)

Step 1. Download the Symantec Root CA

  1. Download the Symantec Root CA certificate and save the Root CA certificate file (e.g. /tmp/ca.crt).
  2. Move the Intermediate and Root certificates to the same directory (e.g. /tmp/Intermediate_CA.crt).
  3. Combine the Root and Intermediate CA files into a temporary file using the cat command:
     
    cat /tmp/ca.crt /tmp/Intermediate_CA.crt > /tmp/ca_chain.crt
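
Plain `cat` fuses the two PEM blocks onto one line when the first file lacks a trailing newline, which can happen with files saved from a text editor. The script below is an added example, not part of the original Symantec instructions or of Zimbra's tooling; it writes the same chain file in the same order after structural checks. The function names and the script name build_chain.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not Symantec or Zimbra code. Structural checks only:
# zmcertmgr verifycrt is still the cryptographic check.

# pem_ok FILE: exactly one certificate block and no private-key material.
pem_ok() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 1; }
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo "$1 contains a private key; refusing to bundle it" >&2
        return 1
    fi
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$1" || true)
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ]; then
        echo "$1: expected 1 certificate, got $begins BEGIN / $ends END" >&2
        return 1
    fi
}

# normalise FILE: strip CR and trailing blanks, drop empty lines, and end the
# last line with a newline so the next PEM header starts on its own line.
normalise() {
    tr -d '\r' < "$1" | awk 'NF { sub(/[ \t]+$/, ""); print }'
}

# build_ca_chain ROOT INTERMEDIATE OUT: same order as the cat command above.
build_ca_chain() {
    root=$1 inter=$2 out=$3
    pem_ok "$root" && pem_ok "$inter" || return 1
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    { normalise "$root"; normalise "$inter"; } > "$tmp"
    # Post-condition: two headers, each alone on its own line.
    n=$(grep -c -x -e '-----BEGIN CERTIFICATE-----' "$tmp" || true)
    if [ "$n" -ne 2 ]; then
        rm -f "$tmp"
        echo "refusing to write $out: bundle is malformed" >&2
        return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$out"   # CA certificates are public
}

# Usage: sh build_chain.sh /tmp/ca.crt /tmp/Intermediate_CA.crt /tmp/ca_chain.crt
if [ "$#" -eq 3 ]; then build_ca_chain "$@"; fi
```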


Step 2. Install the SSL Certificate

  1. Verify the SSL certificate with the following zmcertmgr command:
     
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
    **Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/commercial.crt) and private key
    (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmp/commercial.crt: OK


    NOTE: The private key (e.g. /opt/zimbra/ssl/zimbra/commercial/commercial.key) is created on the Zimbra server.
    If the private key no longer exists on the server, a new CSR will have to be generated and a certificate replacement submitted.
     
  2. To deploy the SSL certificate, run the following zmcertmgr command:
     
    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
    ** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/commercial.crt) and private key
    (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmp/commercial.crt: OK
    **Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    **Appending ca chain /tmp/ca_chain.crt to
    /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    **Saving server config key zimbraSSLCertificate…done.
    **Saving server config key zimbraSSLPrivateKey…done.
    **Installing mta certificate and key…done.
    **Installing slapd certificate and key…done.
    **Installing proxy certificate and key…done.
    **Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
    **Creating keystore file /opt/zimbra/mailbox/etc/keystore…done.
    **Installing CA to /opt/zimbra/conf/ca…done.




     
  3. To verify that the SSL certificate has been successfully deployed, run the following zmcertmgr command:
     
    /opt/zimbra/bin/zmcertmgr viewdeployedcrt


    For more information on Zimbra server using CLI commands click here



Method 2. Install the SSL Certificate through the Admin Console

  1. Download the Symantec Root Certificate Authority (CA) certificate and save it as a root.ca file using Notepad.
     
  2. Download the server certificate and Intermediate CA certificate
    1. Symantec Trust Center Enterprise. Select "Other" as the server platform. You will receive the server certificate and Intermediate CA certificate in a .ZIP file.
    2. Symantec Trust Center. Select "Other" as the server platform. You will receive the server certificate and Intermediate CA certificate in a .ZIP file.
    3. Certificates purchased through Partners. Select "X.509" as the format and also download the Additional Certificate, as this is the Intermediate CA.
       
  3. Go back to the Admin Console, launch the Install Certificate wizard, and choose the "Install the commercially signed certificate" option.
    When you are prompted to upload the certificate, select ssl_certificate.crt as Certificate, root.ca as Root CA, and Intermediate_CA.crt as Intermediate CA.
     
  4. Click Next then Install.  Your Commercial Certificate will be installed successfully.
     
  5. Restart the Zimbra server.
     
  6. Verify your installation with the Symantec CryptoReport

 
