How to Install SSL Certificate on Zimbra?

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...
Install SSL Certificate on Zimbra Server

Install SSL Certificate on Zimbra: A Step-By-Step Guide

Many organizations, including businesses, government agencies, & educational institutions, use Zimbra as it is an affordable and feature-rich alternative to other email and collaboration platforms. Securing it with an SSL certificate is given for such a platform. But do you know how to install SSL on Zimbra? If not, read on to know all about it. We have discussed the two ways in which you can install SSL on the platform.

But before you start installing, you must buy SSL certificate first. Also, before buying SSL, there is another step to do – CSR generation. Let’s do that first.

Generate CSR

One of the easiest ways of generating CSR is using our efficient CSR generator tool. You need no prior technical knowledge to do this, all you must do is fill in all the required fields as prompted, and the tool will generate a CSR that you can use while buying the SSL certificate from your Certificate Authority.

Wait! You cannot start with the installation process just yet. There is one more stop. After generating the CSR, you have to copy-paste the content of the code.

—–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—–

You can now go ahead with the installation process.

Now Zimbra SSL Installation Begins

As we already said, there are two ways of installing the SSL on Zimbra. They are

  • Zimbra command line interface
  • WebApp administration console

Let’s get started with the Zimbra command line interface first.

Method 1: Zimbra SSL Installation through Line Interface

SSL certificate installation on Zimbra via the command line can be done by following these steps:

Step 1. Sign in to the Server

If your Zimbra version is older than 8.7, you can sign in using the remote access method, and If your Zimbra version is 8.7 or newer, log in as a Zimbra user.

After you are signed in, you can switch between the root and Zimbra user using the following commands

To switch from root to Zimbra user, enter the following command:

su – zimbra

To switch from the Zimbra user to the root, enter the following command:

sudo su

Note: Remember to use caution when switching between user accounts, as this can have significant impacts on the security & stability of your server.

Step 2: Start SSL Installation

To begin installing your SSL certificate, you need to locate & access the appropriate tool or panel within Zimbra. You can do that by looking for the zmcertmrg tool. After finding the tool, you must type the following command:

/etc/zimbra/bin/zmcertmgr

Step 3: Prepare and Upload Certificate Files

  • Before uploading your certificate files, ensure you have received them from the Certificate Authority via email during the SSL validation process. You need the certificate (.crt) file & the CA bundle (.ca-bundle) file. If you didn’t create the CSR on Zimbra, you must name your private key file “commercial.key” and upload it to the following directory: /etc/zimbra/ssl/zimbra/commercial.
  • Upload your certificate and CA bundle files (containing the root and intermediate certificate) to a directory of your choice on the server. For this example, we will use the /etc/ directory.
  • Remember to replace the /etc/ directory and certificate name with the location and details specific to your certificate.

Upload your certificate file:

/etc/example_com.crt

Upload your CA bundle file:

/etc/example_com.ca-bundle

Step 4. Verify Your Certificate Deployment

To ensure that your SSL certificate is correctly installed & deployed on the Zimbra server, use the following command to verify the SSL Certificate deployment.

/etc/zimbra/bin/zmcertmgr verifycrt comm /etc/zimbra/ssl/zimbra/commercial/commercial.key /etc/example_com.crt /etc/example_com.ca-bundle

Step 5. Set up the Certificate

The next step is to deploy your SSL certificate & CA bundle files. For that, run the following command:

/etc/zimbra/bin/zmcertmgr deploycrt comm /etc/example_com.crt /etc/example_com.ca-bundle

If you want to double-check the information on the certificate, type the following command:

/etc/zimbra/bin/zmcertmgr viewdeployedcrt

Note: If you didn’t create the CSR on Zimbra, you must name your private key file commercial.key and upload it into the following directory “/etc/zimbra/ssl/zimbra/commercial”.

Step 6. Restart your Zimbra Server

You can run the following command if you want to switch to the Zimbra user:

su-zimbra

If you want to switch back to the root user, type the following:

zmcontrol restart

After completing these steps, your SSL certificate should be successfully installed and deployed on your Zimbra server.

Method 2: Zimbra SSL Installation with Admin Console

SSL certificate installation on Zimbra via the Admin Console can be done by following these steps:

Step 1. Start SSL Certificate Installation

  • Sign-In to the admin console and add your admin username and password.
  • Select Configure from the left side menu and click on Certificates.
  • In the top right corner, you will find a gear icon (located next to the Help option).
  • Click on it and choose Install Certificate from the menu.
  • Choose the server you want to secure from the drop-down list and click on Next.
  • You will see the last option as Install the commercially signed certificate > Select it and click on Next.
  • Double-check the information you provided during CSR generation
  • Click on Next to proceed.

Step 2. Upload your certificates

  • Upload your certificate (.crt) file & CA bundle certificates (.ca-bundle) file. If you haven’t already, download these files from your email inbox & extract them. You can open the files with any text editor, such as Notepad.
  • To complete the SSL certificate installation on Zimbra, you need to update the following files:
  • Certificate: This should be your SSL certificate file with the .crt extension.
  • RootCA: Upload the last (third) certificate from your CA bundle file.
  • Intermediate CA: Upload the second certificate from your CA bundle file.
  • Intermediate CA: Upload the first certificate from your CA bundle file.
  • After uploading all the files, click on Next to continue.

Step 3. Complete the Installation

  • Click on the Install button to complete the installation. It will require your patience as the installation takes time. The installation may take a few minutes.
  • Upon successful installation, a message will appear on your screen. It will look something like this:

“Your certificate was installed successfully. You must restart your ZCS server to apply the changes.”

Step 4. Restart the Server

For switching to Zimbra user to root, type this command:

su-zimbra

Use this command to restart Zimbra Server

zmcontrol restart

Run this command to switch back to the root.

sudo su

After you see the server has restarted, checking the status of the installed SSL is not difficult. All you must do is navigate to the Configuration > Certificates section. Click on the Gear icon. You will find it in the upper right corner. Select View Certificate, it will show you the SSL certificate status.

Finally, your SSL Certificate is Installed on Zimbra Server.

Related posts:

  1. How To Install SSL Certificate On CentOS
  2. How to install SSL certificate on RedHat Linux
  3. How to Install an SSL Certificate on Sentora Control Panel
  4. How to Install an SSL Certificate on a Debian Server?
<?xml version="1.0" encoding="UTF-8"?><svg id="Layer_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109.7 29.02"><defs><style>.cls-1{fill:#fff;}</style></defs><path class="cls-1" d="m5.38,22.85c-3.1-.26-5.3-1.92-5.38-4.8h3.6c.1,1.1.67,1.85,1.78,2.09v-4.58c-2.47-.62-5.38-1.32-5.38-4.87,0-2.83,2.26-4.68,5.38-4.92v-1.94h1.54v1.94c3,.24,5.02,1.85,5.23,4.7h-3.62c-.1-.94-.67-1.66-1.61-1.94v4.54c2.5.65,5.42,1.3,5.42,4.85,0,2.45-1.92,4.73-5.42,4.97v1.94h-1.54v-1.97Zm0-10.25v-4.15c-1.1.17-1.87.84-1.87,2.06,0,1.13.77,1.7,1.87,2.09Zm1.54,3.38v4.2c1.22-.22,1.94-1.06,1.94-2.14s-.82-1.68-1.94-2.06Z"/><path class="cls-1" d="m17.62,8.33h-2.33v-3.1h5.78v17.5h-3.46v-14.4Z"/><path class="cls-1" d="m28.27,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m41.28,22.9c-1.22,0-2.09-.86-2.09-1.97s.86-1.97,2.09-1.97,2.04.86,2.04,1.97-.86,1.97-2.04,1.97Z"/><path class="cls-1" d="m49.54,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m64.56,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.9-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m81.79,0h3.29l-6.48,27.07h-3.29L81.79,0Z"/><path class="cls-1" d="m96.89,9.43h3.58l-8.23,19.59h-3.58l2.88-6.62-5.33-12.96h3.77l3.43,9.29,3.48-9.29Z"/><path class="cls-1" d="m105.62,22.73h-3.36v-13.3h3.36v2.06c.84-1.37,2.23-2.26,4.08-2.26v3.53h-.89c-1.99,0-3.19.77-3.19,3.34v6.62Z"/></svg>