Skip to content

Installing a commercial SSL certificate in Zimbra

I installed a commercial (free) SSL certificate from Startcom SSL in Zimbra. I basically followed this, except the java keytool thing. I don’t know why that is necessary… I did this on Zimbra 6.0.10_GA_2692.UBUNTU8_64 UBUNTU8_64 FOSS edition.

  • Download the ca.pem and sub.class1.server.ca.pem (the CA for the free class 1 validation) to /tmp/
  • Cat the CA certs to form a single CA certificate chain file: cat ca.pem sub.class1.server.ca.pem > ca_bundle.crt
  • Place server certificate in /tmp/ssl.crt.
  • Place the private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key
  • Deploy the commercial certificate with zmcertmgr as the root user: /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt
  • Restart zimbra: su zimbra, then zmcontrol stop && zmcontrol start

    3 Comments ( Add comment / trackback )

    1. (permalink)
      Comment by Stephen M Poole
      On April 5, 2012 at 19:42

      If you’re ever in Birmingham, I’ll buy you a hot dog. Worked like a champ with a GoDaddy cert on Zimbra 6.0.15_GA/CentOS 5.8

      🙂

    2. (permalink)
      Comment by halfgaar
      On March 16, 2013 at 13:20

      It was that time of the year again so I lookup this post. I never actually saw your reply. So, a belated thanks 🙂

      And BTW, it works on version 8 of Zimbra as well.

    3. (permalink)
      Comment by thesslmart
      On July 8, 2013 at 15:52

      Based on Zimbra documentation, any type of SSL type from any of the vendor such as Verisign, Geotrust and Comodo will be supported.