Create CSR on Zimbra and SSL Installation
Zimbra CSR Creation
Log in as root.
-
Adjust the following command to match your information: /opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=US/ST=Utah/L=Lehi/O=Company Inc/OU=Department/CN=your.domain.com" Where:
C = 2-digit country code
ST = State/Province
L = City
O = Organization Name
OU = Department (e.g., IT Department)
CN = Common Name (mail.domain.com, *.domain.com)
If you want to include more than one name in the CSR, you can add -subjectAltNames to the end of the command. Example:
/opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=US/ST=Utah/L=Lehi/O=Company Inc/OU=Department/CN=your.domain.com" -subjectAltNames "www.domain.com, secure.domain.com"
Running this command will output the CSR to the following location: /opt/zimbra/ssl/zimbra/commercial/commercial.csr
-
You will use the CSR to place the order for the certificate (select “Other” as the server software when placing your order).
Zimbra SSL Installation
-
Once you receive the .zip containing the certificate files, extract the “certs” folder somewhere on your server. We will be combining some the files you received in to a PEM format. To create the pem file, you can reference our PEM instructions or follow the next steps of these instructions.
Take your server certificate (your_domain_name.crt) and copy it to a file called commercial.crt in the following directory: /opt/zimbra/ssl/zimbra/commercial/
-
With a text editor (such as wordpad or notepad), copy and paste the entire body of each of the following certificates into one text file in the following order:
- The First Intermediate Certificate - DigiCertCA.crt
- The Second Intermediate Certificate(if a 2nd intermediate cert is supplied) – DigiCertCA2.crt
- The Root Certificate - TrustedRoot.crt
Make sure to include the beginning and end tags on each certificate. The result should look like this:
-----BEGIN CERTIFICATE-----
(Your First Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Second Intermediate certificate (if applicable): DigiCertCA2.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE----- Save the combined file as commercial_ca.crt in the following directory: /opt/zimbra/ssl/zimbra/commercial/
Run the following command to validate the certificate chain: /opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt commercial.crt
-
Once the certificate chain is validated, you can run the following command to enable the new certificate for use: /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
The SSL certificate should now be active. You can check the certificate by going to https://www.digicert.com/help/ and typing in the domain name or IP address the certificate is applied to.
SSL Certificate CSR Creation in Zimbra
How to generate a CSR or Install a Certificate on Zimbra Servers.