In this tutorial, we will show you how to generate a CSR on Zimbra.
On Zimbra, you can generate your CSR code in two different ways: via the Admin Console, or using the command line interface.
Table of Contents
- How to generate a CSR on Zimbra via the Admin WebApp
- How to generate a CSR on Zimbra using the command line
Note: You can generate only one CSR and a private key file at a time. If you have an existing CSR code and a private key on your Zimbra server, generating a new one will overwrite the previous files.
How to generate a CSR on Zimbra via the Admin WebApp
To generate a CSR on Zimbra via the Admin WebApp, just follow the steps below:
Step 1. Log into your Zimbra administration console
To launch the console, type https://server.yourdomain.com:7071 in your browser, where server.yourdomain.com is your actual server name, assigned during the Zimbra setup. Use your default admin username ([email protected]) to log in. Don’t forget to replace yourdomain.com with your website name.
Step 2. Initiate the CSR generation
- In your Zimbra Administration dashboard, locate and click the Configure option in the left side menu
- Next, click Certificates in the left section
- Now, hover your mouse cursor to the upper right side over the gear icon. Click on it, and then select Install Certificate
- Form the Server Name drop-down list, choose the server name you want to secure and click Next
- In the Certificate Installation Wizard, click the radio button – Generate the CSR for the commercial certificate authorizer, then Next
Step 3. Fill in your details
In the next window, fill in the details as shown below:
- Digest – from the drop-down list select secure hash algorithm (e.g. SHA-256)
- Key Length – follow the industry standard key length and pick 2048 bits
- Common name – specify your server hostname (e.g. mail.yourdomain.com). If you have a Wildcard certificate, tick the checkbox – Use Wildcard Common Name, then enter your server hostname with an asterisk in front of the domain name. (e.g. mail. *.yourdomain.com)
- Country Name – provide the two-letter country code (ISO 3166-1 alpha-2 standard) where your business is legally registered (e.g. US). Here you can find the full list of country codes.
- State/Province – enter the state or province where your company is located. (e.g. Montana)
- City – type city where your organization is registered (e.g. Billings)
- Organization name – provide your company’s legal name (e.g. GPI Holding LLC). If you bought a Domain Validation certificate, type NA (not available) or your full name
- Organization Unit – For Business and Extended Validation certificates, enter IT or Web Administration. For Domain Validation SSL, type NA (not available)
- Subject Alternative Names – You should fill in this field only if you have a multi-domain SSL certificate; otherwise, leave it blank
Verify the info you’ve just entered, then click Next
Well done! You’ve successfully generated the CSR code.
To save it on your desktop, click Download the CSR and choose a save location. You can open the CSR file with any text editor such as Notepad or WordPad. Keep the CSR safe, as you will need it during the SSL order process with your vendor.
How to generate a CSR on Zimbra using the command line?
To generate a CSR on Zimbra unsing the command line, just follow the steps below:
Step 1. Log in to your server
To use the command line tool, you need SSH access to your server.
If your Zimbra version is older than 8.7, log in as root. If your Zimbra release is 8.7 or newer, log in as Zimbra user. Use the two commands below to switch between root and Zimbra user:
To switch from root to Zimbra user:
su – zimbra
To switch from Zimbra user to root:
Step 2. Initiate the CSR creation
To generate the CSR code, we’ll use the zmcrtmgr command line tool. By default, it resides in /opt/zimbra/bin/zmcertmgr
Run the command below to create your CSR:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=CC/ST=State/L=City/O=Company/OU=NA/CN=yourdomain.com" –noDefaultSubjectAltName
Step 3. Fill in your information
Now, you need to replace the values with information relevant to your certificate
- C – enter the two-letter country code. Here you can find the full list of country codes.
- ST – enter the legal state or province of your organization. If not applicable, type the city name
- L – submit the locality or city where your business is registered
- O – provide the official organization name. For example, GPI Holding LLC. If you have a Domain Validation certificate, type your full name, or simply NA (not available)
- OU – Organization unit. You may include IT or Web Administration; if you bought a Domain Validation certificate, type NA (not available)
- CN – Common name. Provide the hostname of the server you want to protect. For a wildcard certificate, add an asterisk in front of the domain name. For example: mail.*.yourdomain.com
Here’s an example of how your command should look:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=California/L=SanJose/O=GPIHoldingLLC Inc/OU=IT/CN=server.ssldragon.com" –noDefaultSubjectAltName
If you need to secure multiple domains, adjust your command as below:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=CC/ST=State/L=City/O=Company/OU=NA/CN=server.yourdomain.com" -subjectAltNames “subdomain.yourdomain.com,seconddomain.com,thirddomain.com”
Note: Make sure you replace the example values with your company or personal details.
Zimbra will save the new CSR (commercial.csr) in the following directory: /opt/zimbra/ssl/zimbra/commercial/commercial.csr
You can open it with any text editor. Alternatively, you can open it in the console via this command:
Along with your CSR Code, Zimbra will create your private key, available here: /opt/zimbra/ssl/zimbra/commercial/commercial.key. You will need it during the certificate installation.
Now that you’ve created the CSR file, you can copy-paste its contents including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– during your certificate order.
After you received the SSL files from your Certificate Authority, proceed with the SSL installation on Zimbra.