How to Generate a CSR on Zimbra

In this tutorial, we will show you how to generate a CSR on Zimbra.

On Zimbra, you can generate your CSR code in two different ways: via the Admin Console, or using the command line interface.

Table of Contents

  1. How to generate a CSR on Zimbra via the Admin WebApp.
  2. How to generate a CSR on Zimbra using the command line.

Note: You can generate only one CSR and a private key file at a time. If you have an existing CSR code and a private key on your Zimbra server, generating a new one will overwrite the previous files.

How to generate a CSR on Zimbra via the Admin WebApp

To generate a CSR on Zimbra via the Admin WebApp, just follow the steps below:

Step 1. Log into your Zimbra administration console

To launch the console, type in your browser, where is your actual server name, assigned during the Zimbra setup. Use your default admin username ([email protected]) to log in. Don’t forget to replace with your website name.

Step 2. Initiate the CSR generation

  1. In your Zimbra Administration dashboard, locate and click the Configure option in the left side menu
  2. Next, click Certificates in the left section
  3. Now, hover your mouse cursor to the upper right side over the gear icon. Click on it, and then select Install Certificate
  4. Form the Server Name drop-down list, choose the server name you want to secure and click Next
  5. In the Certificate Installation Wizard, click the radio button – Generate the CSR for the commercial certificate authorizer, then Next

Step 3. Fill in your details

In the next window, fill in the details as shown below:

  • Digest – from the drop-down list select secure hash algorithm (e.g. SHA-256)
  • Key Length – follow the industry standard key length and pick 2048 bits
  • Common name – specify your server hostname (e.g. If you have a Wildcard certificate, tick the checkbox – Use Wildcard Common Name, then enter your server hostname with an asterisk in front of the domain name. (e.g. mail. *
  • Country Name – provide the two-letter country code (ISO 3166-1 alpha-2 standard) where your business is legally registered (e.g. US). Here you can find the full list of country codes.
  • State/Province – enter the state or province where your company is located. (e.g. Montana)
  • City – type city where your organization is registered (e.g. Billings)
  • Organization name – provide your company’s legal name (e.g. GPI Holding LLC). If you bought a Domain Validation certificate, type NA (not available) or your full name
  • Organization Unit – For Business and Extended Validation certificates, enter IT or Web Administration. For Domain Validation SSL, type NA (not available)
  • Subject Alternative Names – You should fill in this field only if you have a multi-domain SSL certificate; otherwise, leave it blank

Verify the info you’ve just entered, then click Next

Well done! You’ve successfully generated the CSR code.

To save it on your desktop, click Download the CSR and choose a save location. You can open the CSR file with any text editor such as Notepad or WordPad. Keep the CSR safe, as you will need it during the SSL order process with your vendor.

How to generate a CSR on Zimbra using the command line?

To generate a CSR on Zimbra unsing the command line, just follow the steps below:

Step 1. Log in to your server

To use the command line tool, you need SSH access to your server.

If your Zimbra version is older than 8.7, log in as root. If your Zimbra release is 8.7 or newer, log in as Zimbra user. Use the two commands below to switch between root and Zimbra user:

To switch from root to Zimbra user:

su – zimbra

To switch from Zimbra user to root:

sudo su

Step 2. Initiate the CSR creation

To generate the CSR code, we’ll use the zmcrtmgr command line tool. By default, it resides in /opt/zimbra/bin/zmcertmgr

Run the command below to create your CSR:

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=CC/ST=State/L=City/O=Company/OU=NA/" –noDefaultSubjectAltName

Step 3. Fill in your information

Now, you need to replace the values with information relevant to your certificate

  • – enter the two-letter country code. Here you can find the full list of country codes.
  • ST – enter the legal state or province of your organization. If not applicable, type the city name
  • – submit the locality or city where your business is registered
  • – provide the official organization name. For example, GPI Holding LLC. If you have a Domain Validation certificate, type your full name, or simply NA (not available)
  • OU – Organization unit. You may include IT or Web Administration; if you bought a Domain Validation certificate, type NA (not available)
  • CN – Common name. Provide the hostname of the server you want to protect. For a wildcard certificate, add an asterisk in front of the domain name. For example: mail.*

Here’s an example of how your command should look:

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=California/L=SanJose/O=GPIHoldingLLC Inc/OU=IT/" –noDefaultSubjectAltName

If you need to secure multiple domains, adjust your command as below:

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=CC/ST=State/L=City/O=Company/OU=NA/" -subjectAltNames “,,”

Note: Make sure you replace the example values with your company or personal details.

Zimbra will save the new CSR (commercial.csr) in the following directory: /opt/zimbra/ssl/zimbra/commercial/commercial.csr

You can open it with any text editor. Alternatively, you can open it in the console via this command:

cat /opt/zimbra/ssl/zimbra/commercial/commercial.csr

Along with your CSR Code, Zimbra will create your private key, available here: /opt/zimbra/ssl/zimbra/commercial/commercial.key. You will need it during the certificate installation.

Now that you’ve created the CSR file, you can copy-paste its contents including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– during your certificate order.

After you received the SSL files from your Certificate Authority, proceed with the SSL installation on Zimbra.

Save 10% on SSL Certificates when ordering today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

Written by

Experienced content writer specializing in SSL Certificates. Transforming intricate cybersecurity topics into clear, engaging content. Contribute to improving digital security through impactful narratives.