(2 votes, average: 5.00 out of 5)
Installing an SSL certificate on Zimbra provides a secure connection for your email communications and helps protect sensitive information. The process involves obtaining an SSL certificate from a trusted Certificate Authority (CA), generating a Certificate Signing Request (CSR), and then uploading the SSL certificate and key to your Zimbra server. The installation process is straightforward and can be done through the Zimbra Admin Console. With a properly installed SSL certificate, you can ensure that your email communications are protected, and your users can have confidence in the security of your email system.
Obtaining an SSL certificate from a trusted Certificate Authority requires generating a Certificate Signing Request (CSR) and submitting it for validation. In Zimbra, you have two options for generating your CSR:
Once you have created your CSR file, you can easily copy and paste its contents, including the beginning and end markers, into the appropriate fields when placing your SSL certificate order.
Installing an SSL certificate on Zimbra can be accomplished through two methods – the Admin Console and the command line interface. This guide will demonstrate both ways, starting with the WebApp administration console and followed by the command line interface.
Note: If the CSR was not generated on Zimbra, the certificate must only be installed via the command line interface.
To install an SSL certificate on Zimbra using the Admin Console, follow these steps:
Start the Installation
In order to proceed with the SSL installation on Zimbra, you will need to upload both your certificate and CA bundle certificates. Make sure you have these files stored on your server or desktop, and if not, download them from your email inbox and extract the contents from the archive. Open the files using a text editor such as Notepad.
Update the following files with the correct information:
Note: The RootCA certificate is usually not required on modern servers as its format is SHA-1. However, Zimbra is an exception and requires you to manually upload the SHA-1 Root CA file.
Once all the necessary files have been uploaded, you may proceed by clicking “Next.”
After pressing the Install button, you will have to wait a few minutes for the process to complete. If everything goes well, you’ll see a message confirming that your certificate has been installed successfully. To ensure the changes take effect, you must restart your ZCS server.
To restart your server, switch to the Zimbra user with the su-zimbra command and then run the zmcontrol restart command. After the restart, switch back to root with the sudo su command. To view the new SSL certificate, go to the Configuration > Certificates section and select View Certificate from the gear icon in the upper right corner. The new page will display the status of your SSL certificate.
It is recommended to use the command line interface for installing SSL certificates on Zimbra as it allows for more precise and informative error messages than the WebGUI. To do this, the CA signed certificate should be saved in the “certificate” file, and the root and intermediate certificates should be saved in the “root+interm” file. Ensure that the files are located in the same directory as the command or specify the full paths.
cat >deploy <<eof
zmcertmgr deploycrt comm certificate root+interm
chmod +x deploy
Follow these steps to install an SSL certificate on Zimbra through the command line:
Step 1. Log in to the Server
For versions of Zimbra prior to 8.7, log in as root; otherwise, log in as a Zimbra user. You can switch between root and Zimbra user using the commands below:
Change from root to Zimbra user:
su – zimbra
Change from Zimbra user to root:
Step 2. Launch the SSL Installation
Locate and access the zmcertmgr tool:
Step 3: Upload the Certificates
To continue with the installation, you must first move the certificate files sent by the Certificate Authority to the server. These files consist of the certificate (.crt) and the CA bundle (.ca-bundle). If you did not generate the CSR on Zimbra, you would also need to transfer the private key file.
In this example, the certificate files will be transferred to the /opt/ directory. Please replace the /opt/ directory and the certificate name with the location and details that correspond to your specific setup.
Move your certificate file:
Move your CA bundle file:
Note: Your CA bundle must include the root certificate and all intermediate certificates.
Step 4. Confirm Certificate and Key Match
Before you proceed with the installation, it’s important to confirm that the certificate matches the private key. To do this, run the following command:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/yourwebsite_com.crt /opt/yourwebsite_com.ca-bundle
Step 5. Deploy the Certificate
To deploy the certificate, execute the following command:
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/yourdomain_com.crt /opt/yourdomain_com.ca-bundle
Note: If the CSR code was not generated through Zimbra, ensure that the private key file is named commercial.key and saved in the directory: /opt/zimbra/ssl/zimbra/commercial.
To verify your certificate information, use the command:
Step 6. Restart the Server
Change to Zimbra user:
Restart the server:
Change back to root:
You have now successfully installed the SSL certificate via the Zimbra command line interface.
It’s crucial to validate the SSL Certificate you installed on Zimbra to ensure there are no security vulnerabilities. Use a top-notch SSL testing tool to quickly obtain a report on the status of your SSL certificate.
For the best results, purchase your SSL Certificate for Zimbra from a trusted SSL vendor like Cheap SSL Web. We offer competitive pricing and frequent promotions on all our SSL offerings. Our SSL/TLS certificates are guaranteed to work with Zimbra. Ensure your online presence is secure with Cheap SSL Web’s protection.