Ask a Question

Advanced Search

Solution ID : SO22364

Last Modified : 05/31/2019

Managed PKI for SSL - How to Install SSL Certificate on Zimbra version 5, 6, 7 & 8 Server



This document provides installation instructions for Zimbra server. If you are not able to perform the steps on the server, DigiCert recommends that you contact Zimbra vendor.

Step 1: Obtain the SSL Certificate

  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive an email with the Certificate
    attached (cert.cer), as well as in the body of the email itself.
  2. Copy the certificate, imbedded in the body of the email and paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines
    or spaces in the file.

    The text file should look like:


              [encoded data]

    -----END CERTIFICATE-----

    NOTE: To download the certificate from your Managed PKI for SSL subscriber services page, for documentation, please click here.
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
  3. Save the certificate as comercial.crt

Step 2. Download the Root CA and the Intermediate CA Certificate

         NOTE: Ensure that the appropriate Root and Intermediate CA certificate for yor SSL certificate type have been selected.
         To check which certificate type you have purchased, please click here.

  1. Download the Symantec Root CA certificate under Managed PKI for SSL section  from this link.
  2. Save Root CA certificate file (e.g. /tmp/root_ca.crt)
  3. Download the Intermediate CA certificate  from this link.
  4. Click on the Managed PKI for SSL tab. Select the Intermediate CA certificate for your SSL certificate type.
  5. Save Intermediate CA certificate file (e.g. /tmp/intermediate_ca.crt)
  6. Combine root and intermediate ca bundle file into a temporary file using cat command
    cat /tmp/root_ca.crt /tmp/intermediate_ca.crt > /tmp/chain_ca.crt


To install the SSL Certificate on Zimbra server, perform one of the following methods:

Method 1. Install the SSL certificate using Command Line Interface (CLI)

Step 2. Install the SSL Certificate

  1. Verify the ssl certificate with the following zmcertmgr command
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/chain_ca.crt
    **Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/tmp/commercial.crt) and private key
    (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmp/commercial.crt: OK

    NOTE: The private key (e.g. /opt/zimbra/ssl/zimbra/commercial/commerical.key) is created on the Zimbra server .
    If the private key no longer exist on the server, a new CSR will have to be generated and submit a certificate replacement.
  2.  To deploy the ssl certificate, run the following zmcertmgr command.
    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/chain_ca.crt ** Verifying /tmp/commercial.crt against
    Certificate (/tmp/commercial.crt) and private key
    (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /tmpt/commercial.crt: OK
    **Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    **Appending ca chain /tmp/chain_ca.crt to
    **Saving server config key zimbraSSLCeretificate…done.
    **Saving server config key zimbraSSLPrivateKey…done.
    **Installing mta certificate and key…done.
    **Installing slapd certificate and key…done.
    **Installing proxy certificate and key…done.
    **Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.

    **Creating keystore file /opt/zimbra/mailbox/etc/keystore…done.
    **Installing CA to /opt/zimbra/conf/ca…done.
  3. To verify if the ssl certificate has been successfully deployed. Run the following zmcertmgr command.

    For more information on Zimbra server using CLI commands click here

Method 2 Install the SSL Certificate through the Admin Console

  1. Download the Root Certificate Authority (CA) Certificate and save the file as file in Notepad.
  2. Download the Intermediate CA certificate and save the file as an file in Notepad.
    NOTE: To check which certificate type you have purchased, please click here:
  3. Go back to Admin Console and launch the Install Certificate wizard, choose the Install the commercially signed certificate. 
  4. When you are prompted to upload the certificate, select comercial.crt as Certificate, as Root CA, and as Intermediate CA.
  5. Click Next, then Install.  Your Commercial Certificate will be installed successfully.
  6. Restart the Zimbra server.
  7. Verify your installation with the DigiCert Installation Checker