Live Chat
BlogCart
Same Certs
Cheapest Price Seal
Less Price
Posted on by admin

How to Install SSL Certificate on Zimbra Server

Zimbra Collaboration Suite (ZCS) is a free, open source Email and Collaboration server for enterprises, which includes an email server and web client components used to provide complete messaging and collaboration solutions.

You need to install SSL certificate in Zimbra collaboration server for communicating with hosts over SSL/TLS. There are two ways of SSL certificate installation on Zimbra server:

i) Administration Console (Web Interface)
ii) Certificate Manager (Command Line Interface)

First of all, You will need to generate CSR (Certificate Signing Request) on your ZCS and send the CSR to issuing Certificate Authority (CA) for issuance of valid SSL certificate.

Generate CSR in Zimbra Collaboration Server via Admin Console:

Follow the instructions to generate CSR file using Zimbra Administration Console:

  1. Login to your Zimbra Administration Console using a browser and navigate to Home > Configure and click “Certificates” option.

    Zimbra SSL Admin Console
  1. On the right Click on “settings” icon, click “Install Certificate” option.

    install certificate on Zimbra
  1. Now, Certificate Installation Wizard will pop up, where you can select your targeted server name for SSL certificate installation from left navigation pane, then click Next button.

    ZCS Certificate Installation Wizard
  1. Select “Generate the CSR for the commercial certificate authorizer” option, Click Next button

    ZCS Generate CSR Window
  1. Fill details in their respective fields under Certificate Installation Wizard as shown in below screenshot and click ‘Next’ button

    CSR form via Zimbra Admin Console

 

Please Note:
For Wildcard SSL certificate request, check the box “Use Wildcard Common Name”.
For Multi Domain SSL certificate request, you need to specify another Subject Alternative Names in form field indicated in picture above.

  1. Next, Click the Download the CSR link to save CSR file that you need to send to Certificate Authority in order to get SSL certificate.

    2. Download CSR Zimbra Admin Console

What if you missed 6th step?

You can locate the generated CSR file under Commercial Directory (e.g. /opt/zimbra/ssl/zimbra/commercial directory/commercial.csr)

SSL Certificate Installation via Zimbra Administration Console:

Extract four certificate files or CAbundle that you received in a ZIP file via email sent from CA (Certificate Authority) includes Primary Certificate File (.crt), Root CA (ICARoot.crt), and both Intermediate CA files.

Follow the instructions to install CA signed SSL certificate files on your targeted server through Zimbra Administration Console.

  1. After selection of target server, click Install the commercially signed certificate option, click Next

    install SSL via Zimbra Admin Console
  1. Select Review the CSR request from left navigation pane, click Next.

    Review the CSR Request on Zimbra
  1. In the left navigation pane, click Upload the Certificate option to add one by one all certificate files received from CA in their respective places, and then click Next.

    Upload SSL in Zimbra
  1. Select Install button under selection of Install the Certificate as shown in left navigation pane.

    Install SSL using Zimbra Admin Console
  1. Restart your Zimbra Collaboration server (ZCS).

Finally, you have configured SSL certificate on your ZCS Server. You can view installed certificate upon returning to Admin Console.

SSL Certificate Installation via Command Line Interface (CLI):

Run following command to generate CSR for Zimbra via Command Line Interface (CLI):

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=CA/L=LosAngeles/O=Zimbra/OU=Zimbra Collaboration Suite/CN=host.example.com" -subjectAltNames host.example.com

You will find generated CSR at following location:

/opt/zimbra/ssl/zimbra/commercial/commercial.csr

For SSL installation on Zimbra Collaboration Server (ZCS) via CLI, you will have to concatenate (combine) four CAbundle files received from Certificate Authority using a text editor and save file name as commercial_ca.crt.

Please note: Copy and paste all the files and the data in the sequence like the primary certificate file (your_domain_name.crt), then intermediate certificate (your CA.crt) and in the last root certificate (trustedroot.crt). Always start with the BEGIN, and END tags in the certificate content.

-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Root certificate) 
-----END CERTIFICATE-----

Now, Place “commercial_ca.crt” file in following directory

/opt/zimbra/ssl/zimbra/commercial/

and
Next, you will have to validate the certificate chain using below command to confirm the certificate chain on Zimbra starting ZCS 8.7 and above:

/opt/zimbra/bin/verify -CAfile commercial_ca.crt commercial.crt
Valid Certificate: OK

You’ll get response OK, upon successfull certificate validation.

Now, Deploy your CA issued SSL certificate using following command:

/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt

Restart your Zimbra Server using following command:

zmcontrol restart

Finally, verify the SSL certifiate was deployed using following command:

/opt/zimbra/bin/zmcertmgr viewdeployedcrt