How to Install an SSL Certificate on Zimbra Mail Server

The following instructions will guide you through the SSL/TLS Certificate installation process on “Zimbra Mail Server.” If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions.

What You’ll Need

1. Your server certificate

This is the certificate you received from the CA for your domain. You may have been received this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.

2. Your intermediate certificates

These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.

3. Your private key

This file should be on your server, or in your possession if you generated your CSR from a free generator tool.

SSL/TLS Certificate Installation Instructions for Zimbra Mail Server

You can install SSL Certificate in two ways:

A. Zimbra Administration Console – Web Interface
B. Zimbra Certificate Manager – Command Line Interface (CLI)

A. Installing SSL/TLS Certificate using Zimbra Administration Console

1. Configure

In the main menu, click Configure.

2. Certificates – Install Certificate

Select Certificates. Then, click the gear icon on the top right (next to Help) and select Install Certificate.

3. Select the Target Server

On the Select the Target Server tab, select your server from the Server Name drop-down menu. Click Next.

4. Choose the Installation Option

On the Choose the Installation Option tab. Then, click the bubble for Install the commercially signed certificate.

5. Review the Certificate Signing Request

Go to the last tab, Review the Certificate Signing Request. Verify that all of the CSR information is correct, then click Next.

6. Upload the Certificate

Go back up to the Upload the Certificate tab where you will import each required file to the server.

Each of these files should be emailed to the admin and technical contacts for the certificate, and can also be downloaded in a zipped folder from your account.

In the example image, the certificate is from Comodo and uses Comodo’s specific root and intermediate certificates. Please feel free to contact our support team if you have any questions about which certificate files you should use for your installation.

7. Install the Certificate

Finally, go to the Install the Certificate tab and click Install.

8. Restart

To apply the changes you’ve just made, you’ll need to restart Zimbra services using the Command Line Interface. Enter these commands to switch to Zimbra user:

sudo su
su zimbra

Once the user is switched to Zimbra user, restart the services using following command:

zmcontrol restart

Congratulations!!! You’ve done it. You’ve successfully installed your SSL certificate on your Zimbra server. Wasn’t so hard, was it?

B. Installing SSL/TLS Certificate using Zimbra Certificate Manager (Command Line Interface)

Zimbra package comes with “zmcertmgr” tool for handling SSL Certificates.

For Version 8.6 or lower, this tool must be accessed as root. If you have version 8.7 or later, you should run this tool as zimbra user. Run the below command in order to switch from default user to zimbra user.

sudo su
su zimbra

1. Download and save the root CA certificate to a temporary file.

For example: /tmp/ca.crt

These files should be labeled in the zipped folder you can download from your account.

2. Combine root and intermediate CA certificates into a temporary file.

cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt

3. Verify your certificate

/opt/zimbra/bin/zmcertmgr verifycrt comm
/opt/zimbra/ssl/zimbra/commercial/commercial.key 
/opt/server_domain_com.crt
/opt/server_domain_com.ca-bundle

4. Deploy your SSL certificate

/opt/zimbra/bin/zmcertmgr deploycrt comm
/opt/server_domain_com.crt
/opt/server_domain_com.ca-bundle

5. Verify the certificate deployment

/opt/zimbra/bin/zmcertmgr viewdeployedcrt

6. Restart Zimbra to apply changes

Enter these commands to switch to Zimbra user:

sudo su
su zimbra

Once the default user is switched to Zimbra user, run the following command to restart the server:

zmcontrol restart

Your certificate should now be installed.

Was this article helpful?

Related Articles