How to Install an SSL Certificate on Zimbra

This guide will show you how to install an SSL Certificate on Zimbra – a popular email server and web client. After the installation, continue reading to discover the best place to buy an SSL Certificate for a Zimbra server.

Table of Contents

1. Generate a CSR on Zimbra
2. Install an SSL Certificate on Zimbra
3. Test your SSL installation
4. Where to buy an SSL Certificate for Zimbra?

We also recorded a video that walks you through the entire process. You can watch the video, read the instructions, or do both. You can watch the video below.

Generate a CSR

You have two options:

1. Use our CSR Generator to create the CSR automatically.
2. Follow our step-by-step tutorial on how to generate CSR in ZimbraUbuntu.

Now that you’ve created the CSR file, you can copy-paste its contents including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– during your certificate order.

After you received the SSL files from your Certificate Authority, proceed with the installation.

Install an SSL Certificate on Zimbra

On Zimbra, you can install an SSL in two different ways: via the Admin Console, or using the command line interface.

First, we’ll do it via the WebApp administration console, and then we’ll perform the same task using Zimbra command line interface.

Note: If you didn’t generate the CSR on Zimbra, you need to install the certificate only via the command line interface.

Install an SSL Certificate on Zimbra via the Admin Console

To install an SSL certificate on Zimbra via the Admin Console, just follow the steps below:

Step 1. Initiate the SSL certificate installation

1. Log into the admin console with your admin username and password
2. From the left side menu select Configure > Certificates
3. Next, locate the gear icon (next to Help) on the upper right corner. Click on it, then select Install Certificate
4. From the drop-down list, select the server name you want to secure and click Next
5. Choose the last option – Install the commercially signed certificate and click Next
6. Check the information you’ve submitted during the CSR generation and click Next

Step 2. Upload your certfiicates

Now, you need to upload your certificate (.crt file) and Ca bundle certificates (.ca-bundle file). You should have them on your server or desktop by now. If not, download the files from your email inbox, and extract the archived certificates. To open them, use any text editor such as Notepad.

Update the following files:

• Certificate: your SSL certificate file with the .crt extension.
• RootCA: this is the last (third) certificate from your CA bundle file.
• Intermediate CA: this is the second certificate from your CA bundle file.
• Intermediate CA: this is the first certificate from your CA bundle file

Note: The 3rd certificate from the CA bundle – the RootCA – is usually either stored by default (on most old servers) or not required at all on modern servers because its format is SHA-1, not SHA-2. However, Zimbra is an exception, and it requires you to upload the SHA-1 Root CA file manually. You can find it in this FAQ item.

Once you’ve uploaded all the files, click Next to continue

Step 3. Complete the installation

Press the Install button, and wait. The installation may take a few minutes

If your installation is successful, the following message will appear: “Your certificate was installed successfully. You must restart your ZCS server to apply the changes”

Step 4. Restart the server

Use the su-zimbra command to switch from root to Zimbra user.

Restart your Zimbra server with the following command:

zmcontrol restart

To switch back to root, run:

sudo su

After the restart, you can find the newly installed certificate in the Configuration > Certificates section. Simply click on the gear icon (upper right corner) and select View Certificate. The new page will display the SSL Certificate status.

Install an SSL Certificate on Zimbra using the command line interface (The Preferred Method)

Note: This should be the preferred method of installation as any error messages, if any, are hidden by Zimbra’s WebGUI when using it. So if something goes wrong, you’ll get the error message from the zm commands directly instead of something cryptic that is of no use.

Place the signed certificate in the file certificate and the root and intermediate certificates in the file root+interm. Please make sure that the files are placed locally to where you run the command or specify the full paths:

cat >deploy <<eof
zmcertmgr deploycrt comm certificate root+interm
eof
chmod +x deploy

Install an SSL Certificate on Zimbra using the command line interface (The Alternative Method)

To install an SSL certificate on Zimbra via the command line, just follow the steps below:

Step 1. Log in to the server

For Zimbra version older than 8.7, log in as root; otherwise, log in as a Zimbra user. Use the commands below to change between root and Zimbra user.

Switch from root to zimbra user:

su – zimbra

Switch from zimbra user to root:

sudo su

Step 2. Initiate the SSL installation

Locate and open the zmcertmgr tool:

/opt/zimbra/bin/zmcertmgr

Step 3. Upload the certificate files

Now, prepare your certificate files and upload them to a directory of your choice on the server. Your certificate (.crt) and CA bundle (.ca-bundle) files were sent by the Certificate Authority to your email during the SSL validation process

Note: If you didn’t generate the CSR code on Zimbra, you also need to upload the private key file.

For the purpose of this example, we will upload the certificate files into the /opt/ directory.

Remember! You have to replace the /opt/ directory and the certificate name, with your own location, and details.

Upload your certificate file:

/opt/yourwebsite_com.crt

Upload your CA bundle file:

/opt/yourwebsite_com.ca-bundle

Note: Your CA bundle must contain the root certificate, as well as all the intermediate certificates.

Step 4. Check that your certificate matches the private key

Run this command:

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/yourwebsite_com.crt /opt/yourwebsite_com.ca-bundle

Step 5. Set up the certificate

Run this command:

/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/yourdomain_com.crt /opt/yourdomain_com.ca-bundle

Note: If you didn’t create the CSR on Zimbra, you must name your private key file commercial.key and upload it into the following directory: /opt/zimbra/ssl/zimbra/commercial.

Double-check your certificate information by running this command:

/opt/zimbra/bin/zmcertmgr viewdeployedcrt

Step 6. Restart your server

Switch from root to Zimbra user:

su-zimbra

Restart your server:

zmcontrol restart

Return to root:

sudo su

Congratulations! You have successfully installed the SSL Certificate using Zimbra command-line interface.

Test your SSL installation

After you install an SSL Certificate on Zimbra, it’s important to scan it for potential vulnerabilities. Better catch them early, then watch your site displaying SSL related errors. Use one of these high-end SSL tools to get instant status reports on your SSL certificate.

Where to buy an SSL Certificate for Zimbra?

The best place to buy an SSL Certificate for your Zimbra server is from a reliable SSL reseller such as SSL Dragon. Along with the lowest prices anywhere on the market, we offer regular discounts and great deals on all our SSL products. All our certificates are compatible with Zimbra.

SSL Dragon takes care of your sensitive data security, so your website or business can thrive online!

You can always use our exclusive tools such as SSL Wizard and Advanced Certificate Filter to find the ideal SSL product for your website.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.