habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Zimbra Install Commercial Cert from SSL Provider

2 min read

One powerful way to achieve Secure Zimbra Server by installing a Secure Sockets Layer (SSL) certificate. Not only does this enhance the trustworthiness of your Zimbra server, but it also encrypts the data exchanged between the server and users. In this guide, we’ll walk you through the process of installing an SSL commercial certificate on your Zimbra server, ensuring a secure and trustworthy environment for your email communication. Zimbra Install Commercial Cert.

Selecting the Right SSL Certificate for Your Zimbra Server

Choosing the appropriate SSL certificate is the first crucial step in fortifying your Zimbra server. Most SSL Providers offer various options, such as Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV) certificates. Assess your security needs and budget to make an informed decision.

Step-by-Step Installation Guide for SSL Commercial Certificate

Now that you have your SSL certificate, let’s dive into the installation process.

Generating a Certificate Signing Request (CSR)

Start by generating a Certificate Signing Request (CSR) on your Zimbra server. Submit this CSR to your chosen CA and await the issuance of your SSL certificate.

  1. Jump to Home > Configure > Certificates and click in the settings icon, then click on Install Certificate.
  1.  Select the target server to generate the SSL files like the CSR and the private key.
  1. Select the option Generate the CSR for the commercial.
  1. Then, NEXT. and will show window.

Common Name (CN): needs to be the FQDN that you want to use, if you are using a Single-Server is recommended that the FQDN and the hostname are the same.

  1. Download now the CSR file, ready to send to your SSL Certificate Provider.
  1. If we miss this step, find the csr file in the next path /opt/zimbra/ssl/zimbra/commercial.

Send or Upload CSR to SSL Provider

Submit this CSR to your chosen CA SSL Provider, complete payment and await the issuance of your SSL certificate. Eachs SSL Providers have different way to issue SSL. But mostly have same approach.

Retrieve Certificate From SSL Provider

In this case, i received cert in PEM format via email from SSL Provider.

cert format pem from SSL Provider

And then save cert from dashboard in format .crt.

Zimbra Install Commercial Cert

Installing Certificates via CLI

After submit the CSR to the SSL provider and get a commercial certificate in PEM format. Save the new certificate ant then copy or upload with WinSCP or SCP to a /SRV file (It’s up to you where you want to save it).

[root@mail ~]# cd /srv/ssl_2023/
[root@mail ssl_2023]# ls -al
total 20
drwxr-xr-x  2 root   root   4096 Oct  2 17:01 .
drwxr-xr-x. 3 root   root   4096 Oct  2 16:59 ..
-rw-r--r--  1 zimbra zimbra 2228 Oct  2 17:01 ssl.crt
-rw-r--r--  1 zimbra zimbra 5214 Oct  2 17:01 ssl.pem

Verify Commercial Certificate

[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /srv/ssl_2023/ssl.crt /srv/ssl_2023/ssl.pem
** Verifying '/srv/ssl_2023/ssl.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/srv/ssl_2023/ssl.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/srv/ssl_2023/ssl.crt' against '/srv/ssl_2023/ssl.pem'
Valid certificate chain: /srv/ssl_2023/ssl.crt: OK

Please note. When running verification, place the cert and CA-bundle or PEM files in the correct order. example:

/opt/zimbra/bin/zmcertmgr verifycrt comm /path/commercial.key /path/ssl_domain.crt /path/ssl.pem-or-CA-bundle

If not correct order, verifycrt will be error like below.

Deploy your commercial certificate

[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr deploycrt comm /srv/ssl_2023/ssl.crt /srv/ssl_2023/ssl.pem

View Certificate

[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr viewdeployedcrt
- imapd: /opt/zimbra/conf/imapd.crt
notBefore=Oct  2 00:00:00 2023 GMT
notAfter=Oct  1 23:59:59 2024 GMT
subject= /CN=mail.domain.com
issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=RapidSSL TLS RSA CA G1
SubjectAltName=mail.domain.com, www.mail.domain.com

In conclusion, installing an SSL commercial certificate on your Zimbra server is a vital step in fortifying your online communication. Strengthen your Zimbra server today and let the virtual shield of SSL protect your communication from potential cyber threats.

That is simple article about zimbra deploy and install commercial cert. Hope it usefull, please feel free for comment.

Credit: Zimbra Wiki.

habibzain Just husband, father and enthusiastic men about System Administration. Love to write short article about it. Perhaps can help and be useful for others.

Zimbra Relay Amazon SES

Zimbra is a widely used collaboration platform that provides robust email services. When it comes to improving email deliverability and ensuring the security of...
1 min read

Install Zimbra 10 Ubuntu 20.04 from Scratch

Zimbra 10 may have had specific installation requirements, and there might be updates or changes beyond that point. Here is simple guide how to...
4 min read

Zimbra Cannot start TLS: handshake failure

The Zimbra log show error message “Cannot start TLS handshake” typically indicates an issue with establishing a secure TLS (Transport Layer Security) connection. This...
1 min read

Leave a Reply

Your email address will not be published. Required fields are marked *

Never miss good article from us, get weekly updates in your inbox