Zimbra CSR Creation & SSL Installation Instructions

Create CSR on Zimbra and SSL Installation

Zimbra CSR Creation

  1. Log in as root.
  2. Adjust the following command to match your information: /opt/zimbra/bin/zmcertmgr createcsr comm -new “/C=US/ST=Utah/L=Lehi/O=Company Inc/OU=Department/CN=your.domain.com” Where:

    C = 2-digit country code

    ST = State/Province

    L = City

    O = Organization Name

    OU = Department (e.g., IT Department)

    CN = Common Name (mail.domain.com, *.domain.com)

    If you want to include more than one name in the CSR, you can add -subjectAltNames to the end of the command. Example:

    /opt/zimbra/bin/zmcertmgr createcsr comm -new “/C=US/ST=Utah/L=Lehi/O=Company Inc/OU=Department/CN=your.domain.com” -subjectAltNames “www.domain.com, secure.domain.com”

  3. Running this command will output the CSR to the following location: /opt/zimbra/ssl/zimbra/commercial/commercial.csr
  4. You will use the CSR to place the order for the certificate (select “Other” as the server software when placing your order).

Zimbra SSL Installation

  1. Once you receive the .zip containing the certificate files, extract the “certs” folder somewhere on your server. We will be combining some the files you received in to a PEM format. To create the pem file, you can reference our PEM instructions or follow the next steps of these instructions.
  2. Take your server certificate (your_domain_name.crt) and copy it to a file called commercial.crt in the following directory:/opt/zimbra/ssl/zimbra/commercial/
  3. With a text editor (such as wordpad or notepad), copy and paste the entire body of each of the following certificates into one text file in the following order:
    1. The First Intermediate Certificate – DigiCertCA.crt
    2. The Second Intermediate Certificate(if a 2nd intermediate cert is supplied) – DigiCertCA2.crt
    3. The Root Certificate – TrustedRoot.crt

    Make sure to include the beginning and end tags on each certificate. The result should look like this:

    (Your First Intermediate certificate: DigiCertCA.crt) 
    (Your Second Intermediate certificate (if applicable): DigiCertCA2.crt)

    (Your Root certificate: TrustedRoot.crt)

  4. Save the combined file as commercial_ca.crt in the following directory: /opt/zimbra/ssl/zimbra/commercial/
  5. Run the following command to validate the certificate chain: /opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt commercial.crt
  6. Once the certificate chain is validated, you can run the following command to enable the new certificate for use: /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt

The SSL certificate should now be active. You can check the certificate by going to https://www.digicert.com/help/ and typing in the domain name or IP address the certificate is applied to.

SSL Certificate CSR Creation in Zimbra

How to generate a CSR or Install a Certificate on Zimbra Servers.

Source Srom Digicert https://www.digicert.com/csr-creation-ssl-installation-zimbra.htm


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s