How to Install an SSL Certificate on Zimbra?

1 Star2 Stars3 Stars4 Stars5 Stars (5 votes, average: 5.00 out of 5)
Loading...
Install an SSL Certificate on Zimbra

Installing an SSL certificate on Zimbra provides a secure connection for your email communications and helps protect sensitive information.

The process involves obtaining an SSL certificate from a trusted Certificate Authority (CA), generating a Certificate Signing Request (CSR), and then uploading the SSL certificate and key to your Zimbra server.

The installation process is straightforward and can be done through the Zimbra Admin Console. With a properly installed SSL certificate, you can ensure that your email communications are protected, and your users can have confidence in the security of your email system.

Generating a CSR for Zimbra

In Zimbra, you have two options for generating your CSR:

  • Use the CSR Generator tool for an automatic process.
  • Follow a manual process for generating a CSR manually in ZimbraUbuntu.

Once you have created your CSR file, you can easily copy and paste its contents, including the beginning and end markers, into the appropriate fields when placing your SSL certificate order.

Install an SSL Certificate on Zimbra

Installing an SSL certificate on Zimbra can be accomplished through the Admin Console and the command line interface. This guide will demonstrate both ways, starting with the WebApp administration console and followed by the command line interface.

Note: If the CSR was not generated on Zimbra, the certificate must only be installed via the command line interface.

To Install an SSL Certificate on Zimbra using the Admin Console, follow these steps:

Start the Installation:

  • Log in to the admin console with your admin credentials
  • Navigate to Configure > Certificates from the left-side menu
  • Find the gear icon on the upper right corner, click it, then select Install Certificate
  • Select the server name you want to secure from the drop-down list and click Next
  • Choose the option to “Install the commercially signed certificate” and click Next
  • Verify the information you submitted during the CSR generation and click Next.

Upload your Certificates:

In order to proceed with the SSL installation on Zimbra, you will need to upload both your certificate and CA bundle certificates. Ensure you have these files stored on your server or desktop; if not, download them from your email inbox and extract the contents from the archive. Open the files using a text editor such as Notepad.

Update the following files with the correct information:

  • Your SSL certificate with the .crt extension
  • The last (third) certificate from the CA bundle, known as the RootCA
  • The second certificate from the CA bundle, known as the Intermediate CA
  • The first certificate from the CA bundle, also known as the Intermediate CA

Note: The RootCA certificate is usually not required on modern servers as its format is SHA-1. However, Zimbra is an exception and requires you to manually upload the SHA-1 Root CA file.

Once all the necessary files have been uploaded, you may proceed by clicking “Next.”

Finalizing the SSL Certificate Installation

After pressing the Install button, you will have to wait a few minutes for the process to complete. If everything goes well, you’ll see a message confirming that your certificate has been installed successfully. To ensure the changes take effect, you must restart your ZCS server.

Restarting Your Zimbra Server

To restart your server, switch to the Zimbra user with the su-zimbra command and then run the zmcontrol restart command. After the restart, switch back to root with the sudo su command.

To view the new SSL certificate, go to the Configuration > Certificates section and select View Certificate from the gear icon in the upper right corner. The new page will display the status of your SSL certificate.

Install SSL Certificate on Zimbra through Command Line

It is recommended to use the command line interface for installing SSL certificates on Zimbra as it allows for more precise and informative error messages than the WebGUI.

To do this, the CA signed certificate should be saved in the “certificate” file, and the root and intermediate certificates should be saved in the “root+interm” file.

Ensure that the files are located in the same directory as the command or specify the full paths.

  • Create the Deploy Script
  • Execute the following commands to create the deploy script:
cat >deploy <<eof
zmcertmgr deploycrt comm certificate root+interm
eof
chmod +x deploy

Install an SSL Certificate Using Zimbra’s Command Line Interface (The Alternative Method)

Follow these steps to install an SSL certificate on Zimbra through the command line:

Step 1. Log in to the Server

For versions of Zimbra prior to 8.7, log in as root; otherwise, log in as a Zimbra user. You can switch between root and Zimbra user using the commands below:

Change from root to Zimbra user:

su – zimbra

Change from Zimbra user to root:

sudo su

Step 2. Launch the SSL Installation

Locate and access the zmcertmgr tool:

/opt/zimbra/bin/zmcertmgr

Step 3: Upload the Certificates

To continue with the installation, you must first move the certificate files sent by the Certificate Authority to the server. These files consist of the certificate (.crt) and the CA bundle (.ca-bundle). If you did not generate the CSR on Zimbra, you would also need to transfer the private key file.

In this example, the certificate files will be transferred to the /opt/ directory. Please replace the /opt/ directory and the certificate name with the location and details that correspond to your specific setup.

Move your certificate file:

/opt/yourwebsite_com.crt

Move your CA bundle file:

/opt/yourwebsite_com.ca-bundle

Note: Your CA bundle must include the root certificate and all intermediate certificates.

Step 4. Confirm Certificate and Key Match

Before you proceed with the installation, it’s important to confirm that the certificate matches the private key.

To do this, run the following command:

/opt/zimbra/bin/zmcertmgr verifycrt comm 
/opt/zimbra/ssl/zimbra/commercial/commercial.key 
/opt/yourwebsite_com.crt /opt/yourwebsite_com.ca-bundle

Step 5. Deploy the Certificate

To deploy the certificate, execute the following command:

/opt/zimbra/bin/zmcertmgr deploycrt comm 
/opt/yourdomain_com.crt /opt/yourdomain_com.ca-bundle

Note: If the CSR code was not generated through Zimbra, ensure that the private key file is named commercial.key and saved in the directory: /opt/zimbra/ssl/zimbra/commercial.

To verify your certificate information, use the command:

/opt/zimbra/bin/zmcertmgr viewdeployedcrt

Step 6. Restart the Server

Change to Zimbra user:

su-zimbra

Restart the server:

zmcontrol restart

Change back to Root:

sudo su

You have now successfully installed the SSL certificate via the Zimbra command line interface.

Verify Your SSL Installation on Zimbra

It’s crucial to validate the SSL Certificate you installed on Zimbra to ensure there are no security vulnerabilities. Use a top-notch SSL testing tool to quickly obtain a report on the status of your SSL certificate.

Where to Obtain an SSL Certificate for Zimbra?

For the best results, purchase your SSL Certificate for Zimbra from a trusted SSL vendor like Cheap SSL Web. We offer competitive pricing and frequent promotions on all our SSL offerings. Our SSL/TLS certificates are guaranteed to work with Zimbra.

Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.