1. Home
  2. SSL Certificate Support
  3. Installation Instructions for SSL Certificates
  4. How to Install an SSL Certificate on Zimbra Mail Server

How to Install an SSL Certificate on Zimbra Mail Server

The following instructions will guide you through the SSL/TLS Certificate installation process on “Zimbra Mail Server.” If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions.

What You’ll Need

1. Your server certificate

This is the certificate you received from the CA for your domain. You may have been received this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.

2. Your intermediate certificates

These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.

3. Your private key

This file should be on your server, or in your possession if you generated your CSR from a free generator tool.

SSL/TLS Certificate Installation Instructions for Zimbra Mail Server

You can install SSL Certificate in two ways:

A. Zimbra Administration Console – Web Interface
B. Zimbra Certificate Manager – Command Line Interface

A. Installing SSL/TLS Certificate using Zimbra Administration Console

1. Configure

In the main menu, click “Configure” to open the Configure option.

Zimbra Administration

2. “Install Certificate”

Select “Certificates” & click on “Install Certificate”

Install Certificate

3. Select your Mail Server

In the Certificate Installation Wizard, choose your mail server & click “Next”.

Mail Server

4. Select “Install the commercially signed certificate”

Then click “Next.”

SSL Installation Option

5. Review the Certificate Signing Request

Double-check all the information used for generating the CSR. If it’s correct, click “Next”

Review CSR

6.Upload the Certificate

Upload all the files received from the Certificate Authority. This includes SSL Certificate file, root certificate & intermediate certificate.

Upload SSL

7. Click “Install”

Installation process will take few minutes

Install

You will see a notification once the SSL installation process is over

Configure

9. Restart

To apply the changes you’ve just made, you’ll need to restart Zimbra services like Zimbra user in a CLI session

sudo su
su zimbra

Once the user is switched to Zimbra user, restart the services using following command:
zmcontrol restart

10. Check SSL

Check for SSL certificate details, once all the services are restarted. You will get the screen showing details about successful installation of your SSL Certificate

Check SSL Details

B. Installing SSL/TLS Certificate using Zimbra Certificate Manager (Command Line Interface)

Zimbra package comes with “zmcertmgr” tool for handling SSL Certificates.
For Version 8.6 or lower, this tool must be accessed as root. Run the following command in terminal:
sudo su
If you have version 8.7 or later, you should run this tool as zimbra user. Run below command in order to switch from default user to zimbra user.
sudo su
su zimbra

1. For installing, upload SSL Certificate

For example:  /opt/ directory

2. Check that the certificate you received from the CA

/opt/zimbra/bin/zmcertmgr verifycrt comm
/opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/server_domain_com.crt
/opt/server_domain_com.ca-bundle

3. Deploy your SSL certificate

/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle

4. Verify if the certificate you just deployed is the correct one

/opt/zimbra/bin/zmcertmgr viewdeployedcrt

5. To apply the changes, you’ll need to restart services of Zimbra

sudo su
su zimbra

Once the default user is switched to zimbra user, run below command to restart it:

zmcontrol restart
Updated on

Was this article helpful?

Related Articles