How to Install SSL Certificate on Zimbra?
Many organizations, including businesses, government agencies, & educational institutions, use Zimbra as an affordable and feature-rich alternative to other email and collaboration platforms. Securing it with an SSL certificate is given for such a platform.
But do you know how to install SSL on Zimbra? If not, read on to know all about it. We have discussed the two ways you can install SSL on the platform.
But before you start installing, you must buy SSL certificate first. Also, before buying SSL, there is another step to take: CSR generation. Let’s do that first.
Generate CSR
One of the easiest ways of generating CSR is using our efficient CSR generator tool. You need no prior technical knowledge to do this; all you must do is fill in all the required fields as prompted, and the tool will generate a CSR that you can use when buying the SSL certificate from your Certificate Authority.
Wait! You cannot start with the installation process just yet. There is one more stop. After generating the CSR, you have to copy-paste the content of the code.
—–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—–
You can now go ahead with the installation process.
Now Zimbra SSL Installation Begins
As we already said, there are two ways of installing the SSL on Zimbra. They are
- Zimbra command line interface
- WebApp administration console
Let’s get started with the Zimbra command line interface first.
Method 1: Zimbra SSL Installation through Line Interface
SSL certificate installation on Zimbra via the command line can be done by following these steps:
Step 1. Sign in to the Server
If your Zimbra version is older than 8.7, you can sign in using the remote access method, and If your Zimbra version is 8.7 or newer, log in as a Zimbra user.
After you are signed in, you can switch between the root and Zimbra user using the following commands.
To switch from root to Zimbra user, enter the following command:
su – zimbra
To switch from the Zimbra user to the root, enter the following command:
sudo su
Note: Remember to use caution when switching between user accounts, as this can have significant impacts on the security & stability of your server.
Step 2: Start SSL Installation
To begin installing your SSL certificate, you need to locate & access the appropriate tool or panel within Zimbra. You can do that by looking for the zmcertmrg tool. After finding the tool, you must type the following command:
/etc/zimbra/bin/zmcertmgr
Step 3: Prepare and Upload Certificate Files
- Before uploading your certificate files, ensure you have received them from the Certificate Authority via email during the SSL validation process. You need the certificate (.crt) file & the CA bundle (.ca-bundle) file. If you didn’t create the CSR on Zimbra, you must name your private key file “commercial.key” and upload it to the following directory: /etc/zimbra/ssl/zimbra/commercial.
- Upload your certificate and CA bundle files (containing the root and intermediate certificate) to a directory of your choice on the server. For this example, we will use the /etc/ directory.
- Remember to replace the /etc/ directory and certificate name with the location and details specific to your certificate.
Upload your certificate file:
/etc/example_com.crt
Upload your CA bundle file:
/etc/example_com.ca-bundle
Step 4. Verify Your Certificate Deployment
To ensure that your SSL certificate is correctly installed & deployed on the Zimbra server, use the following command to verify the SSL Certificate deployment.
/etc/zimbra/bin/zmcertmgr verifycrt comm /etc/zimbra/ssl/zimbra/commercial/commercial.key /etc/example_com.crt /etc/example_com.ca-bundle
Step 5. Set up the Certificate
The next step is to deploy your SSL certificate & CA bundle files. For that, run the following command:
/etc/zimbra/bin/zmcertmgr deploycrt comm /etc/example_com.crt /etc/example_com.ca-bundle
If you want to double-check the information on the certificate, type the following command:
/etc/zimbra/bin/zmcertmgr viewdeployedcrt
Note: If you didn’t create the CSR on Zimbra, you must name your private key file commercial.key and upload it into the following directory “/etc/zimbra/ssl/zimbra/commercial”.
Step 6. Restart your Zimbra Server
You can run the following command if you want to switch to the Zimbra user:
su-zimbra
If you want to switch back to the root user, type the following:
zmcontrol restart
After completing these steps, your SSL certificate should be successfully installed and deployed on your Zimbra server.
Method 2: Zimbra SSL Installation with Admin Console
SSL certificate installation on Zimbra via the Admin Console can be done by following these steps:
Step 1. Start SSL Certificate Installation
- Sign-In to the admin console and add your admin username and password.
- Select Configure from the left side menu and click on Certificates.
- In the top right corner, you will find a gear icon (located next to the Help option).
- Click on it and choose Install Certificate from the menu.
- Choose the server you want to secure from the drop-down list and click on Next.
- You will see the last option as Install the commercially signed certificate > Select it and click on Next.
- Double-check the information you provided during CSR generation
- Click on Next to proceed.
Step 2. Upload your certificates
- Upload your certificate (.crt) file & CA bundle certificates (.ca-bundle) file. If you haven’t already, download these files from your email inbox & extract them. You can open the files with any text editor, such as Notepad.
To complete the SSL certificate installation on Zimbra, you need to update the following files:
- Certificate: This should be your SSL certificate file with the .crt extension.
- RootCA: Upload the last (third) certificate from your CA bundle file.
- Intermediate CA: Upload the second certificate from your CA bundle file.
- Intermediate CA: Upload the first certificate from your CA bundle file.
- After uploading all the files, click on Next to continue.
Step 3. Complete the Installation
- Click on the Install button to complete the installation. It will require your patience as the installation takes time. The installation may take a few minutes.
- Upon successful installation, a message will appear on your screen. It will look something like this:
“Your certificate was installed successfully. You must restart your ZCS server to apply the changes.”
Step 4. Restart the Server
To switch the Zimbra user to root, type this command:
su-zimbra
Use this command to restart Zimbra Server
zmcontrol restart
Run this command to switch back to the root.
sudo su
After you see the server has restarted, checking the status of the installed SSL is not difficult. All you must do is navigate to the Configuration > Certificates section. Click on the Gear icon. You will find it in the upper right corner. Select View Certificate, it will show you the SSL certificate status.
Finally, your SSL Certificate is Installed on Zimbra Server.