Solution
This document provides instructions for generating a Certificate Signing Request (CSR) for Zimbra server. If you are unable to use these instructions for your server, Symantec recommends that you contact Zimbra vendor.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
To generate a Certificate Signing Request (CSR) on Zimbra 5.0.x, 6.0.x, & 7.0.x server, follow one of the methods bellow:
Method 1: Generate CSR using the command line interface:
- Log in as root.
- Run the following zmcertmgr command to generate a CSR.
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=California/L=Mountain View/O=My Company/OU=IT Department/CN=$"The following fields are required when generating a Certificate Signing Request (CSR)
- The following fields are required when generating a Certificate Signing Request (CSR)
- Country Name (C): Enter the two-character abbreviation of country in which organization resides (e.g. US).
- State or Province (S): Enter the full name of your state or province.
Note: Make sure the State or Province is not abbreviated (e.g. California).
- Locality or City (L): Usually the city of your organization's main office, or a main office for your organization.
- Organization (O): The full legal name of your company.
- Organizational Unit (OU): Use this field to differentiate between divisions within an organization.
- Common Name (CN): The fully-qualified domain name to which your certificate will be issued..
For more information on Zimbra server using CLI commands, please click here.
Method 2: Generate CSR through Zimbra Admin Console:
- Open a browser window and create CSR through Zimbra Admin Console.
- Login to the Admin Console and click Certificates.
- Click Install Certificate.
- Select Target Server.
- Select Generate the CSR for the Commercial Certificate Authorizer.
- Create the CSR, then download and save the CSR file.
Once the certificate has been issued, follow the steps from this link to install the certificate on your server.