The following instructions will guide you through the SSL/TLS Certificate installation process on “Zimbra Mail Server.” If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions.
What You’ll Need
1. Your server certificate
This is the certificate you received from the CA for your domain. You may have been received this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.
2. Your intermediate certificates
These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.
3. Your private key
This file should be on your server, or in your possession if you generated your CSR from a free generator tool.
SSL/TLS Certificate Installation Instructions for Zimbra Mail Server
You can install SSL Certificate in two ways:
A. Zimbra Administration Console – Web Interface
B. Zimbra Certificate Manager – Command Line Interface (CLI)
A. Installing SSL/TLS Certificate using Zimbra Administration Console
In the main menu, click Configure.
2. Certificates – Install Certificate
Select Certificates. Then, click the gear icon on the top right (next to Help) and select Install Certificate.
3. Select the Target Server
On the Select the Target Server tab, select your server from the Server Name drop-down menu. Click Next.
4. Choose the Installation Option
On the Choose the Installation Option tab. Then, click the bubble for Install the commercially signed certificate.
5. Review the Certificate Signing Request
Go to the last tab, Review the Certificate Signing Request. Verify that all of the CSR information is correct, then click Next.
6. Upload the Certificate
Go back up to the Upload the Certificate tab where you will import each required file to the server.
Each of these files should be emailed to the admin and technical contacts for the certificate, and can also be downloaded in a zipped folder from your account.
In the example image, the certificate is from Comodo and uses Comodo’s specific root and intermediate certificates. Please feel free to contact our support team if you have any questions about which certificate files you should use for your installation.
7. Install the Certificate
Finally, go to the Install the Certificate tab and click Install.
To apply the changes you’ve just made, you’ll need to restart Zimbra services using the Command Line Interface. Enter these commands to switch to Zimbra user:
Once the user is switched to Zimbra user, restart the services using following command:
Congratulations!!! You’ve done it. You’ve successfully installed your SSL certificate on your Zimbra server. Wasn’t so hard, was it?
B. Installing SSL/TLS Certificate using Zimbra Certificate Manager (Command Line Interface)
Zimbra package comes with “zmcertmgr” tool for handling SSL Certificates.
For Version 8.6 or lower, this tool must be accessed as root. If you have version 8.7 or later, you should run this tool as zimbra user. Run the below command in order to switch from default user to zimbra user.
1. Download and save the root CA certificate to a temporary file.
For example: /tmp/ca.crt
These files should be labeled in the zipped folder you can download from your account.
2. Combine root and intermediate CA certificates into a temporary file.
cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt
3. Verify your certificate
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle
4. Deploy your SSL certificate
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle
5. Verify the certificate deployment
6. Restart Zimbra to apply changes
Enter these commands to switch to Zimbra user:
Once the default user is switched to Zimbra user, run the following command to restart the server:
Your certificate should now be installed.