HostSEO Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


Installing an SSL certificate on Zimbra

Once an SSL order with the CSR code is activated and all validation requirements are met, the SSL certificate will be issued and sent to your administrative contact email address. You can also download the SSL certificate in your Namecheap account. When the SSL certificate is received, you are welcome to start the installation process.

Zimbra mail server supports two possible ways of SSL installation:

SSL certificate installation via Zimbra Administration Console

    1. Click Configure in the left-hand pane of the main menu:

 

    1. In the next window, click Certificates and pick up Install Certificate:

instzim2

    1. You will see a separate window where you need to choose the required mail server. Click Next afterwards:

instzim3

    1. Pick Install the commercially signed certificate to start the installation process:

instzim4

    1. Review all information that was used for CSR generation. If the information is correct, click Next:

instzim5

    1. Upload the SSL certificate file, root certificate and intermediate certificates received from the Certificate Authority.

      Note: You can download the root and intermediate certificates along with your server certificate from your Namecheap account.

      instzim6

    2. On the next step, click Install to install the chosen SSL certificate. The installation process can take a few minutes:

instzim7

    1. When the SSL installation process is completed, you will see the notification:

instzim8

    1. To apply changes, you need to restart Zimbra services like zimbra user in a CLI session:

sudo su
su zimbra

Once the default user is switched to the zimbra user, run this command to restart services:

zmcontrol restart

    1. When all services are restarted, new SSL certificate details can checked here:

instzim9

The SSL certificate has been successfully installed for the following services:

LDAP service: port 389
Mailbox service: ports 8443, 7071
MTA service: ports 25 (SMTP TLS), 465 (SMTP SSL), 7110 (POP3 TLS), 7143 (IMAP TLS), 7993 (IMAP SSL), 7995 (POP3 SSL)
Proxy service: 443, 110 (POP3 TLS), 143 (IMAP TLS), 993 (IMAP SSL), 995 (POP3 SSL).

instzim10

It is possible to check SSL installation by using this online tool: https://decoder.link/sslchecker/.

SSL certificate installation via Zimbra Certificate Manager (command line interface)

A Zimbra package has the zmcertmgr tool to manage SSL certificates.
For version 8.6 or lower, this tool must be run as root. Run this command in the terminal to switch from the default user to the root:

sudo su

Starting from version 8.7 this tool should be run as zimbra user.
Run these commands to switch from the default user to the zimbra user:

sudo su
su zimbra

    1. To start the installation process, you need to upload the SSL certificate file (server_domain_com.crt) and CA bundle file (server_domain_com.ca-bundle) to any folder to your hosting server on the temporary basis. For this example, SSL files have been uploaded to the /opt/ directory.
    2. Verify that your certificate received from the Certificate Authority matches the private key generated along with the CSR: /opt/zimbra/bin/zmcertmgr verifycrt comm
      /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle

The output should look like:

instzim11

Note: You can download the root and intermediate certificates along with your server certificate from your Namecheap account.

    1. Deploy your commercial certificate.
      /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle

The successful output should look like:

instzim12

    1. Verify that the correct certificate has been deployed.
      /opt/zimbra/bin/zmcertmgr viewdeployedcrt

For example, the details of the PositiveSSL certificate will look like:

instzim13

  1. To apply changes, you need to restart Zimbra services like zimbra user:

sudo su
su zimbra

Once the default user is switched to zimbra user, run this command to restart services:

zmcontrol restart

When all services are restarted, new SSL certificate details can checked by using this online tool: https://decoder.link/sslchecker/.

How to deploy a Multi-Domain SSL certificate or SSL Wildcard certificate installed on another hosting server for Zimbra?

    1. Copy the SSL certificate file (server_domain_com.crt), CA bundle file (server_domain_com.ca-bundle) and private key (commercial.key) to any folder of your hosting server on the temporary basis. For this example, SSL files have been uploaded to the /opt/ directory.
    2. Copy the private key from the temporary location to the default folder of commercial certificates.

cp /opt/commercial.key /opt/zimbra/ssl/zimbra/commercial/

    1. Set default permissions for the private key.

chmod 640 /opt/zimbra/ssl/zimbra/commercial/commercial.key

    1. Verify that your certificate received from the Certificate Authority matches the private key

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle

The output should look like:

instzim11

    1. Deploy your commercial certificate.

/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle

The successful output should look like:

instzim12

    1. Verify that the correct certificate has been deployed.

/opt/zimbra/bin/zmcertmgr viewdeployedcrt

For example, the details of the PositiveSSL certificate will look like:

instzim13

  1. To apply changes, you need to restart Zimbra services like zimbra user in the terminal:

sudo su
su zimbra

Once the default user is switched to zimbra user, run this command to restart services:

zmcontrol restart

When all services are restarted, new SSL certificate details can checked by using this online tool: https://decoder.link/sslchecker.

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

SatSunMonTueWedThuFri
 123456
78910111213
14151617181920
21222324252627
28293031 

Born in 2004 ... Trusted By Clients n' Experts

SEO Stars

They never made me feel silly for asking questions. Help me understand how to attract more people and improve my search engine ranking.

Read More

Emily Schneller Manager at Sabre Inc
SEO Stars

Took advantage of Hostseo's superb tech support and I must say, it is a very perfect one. It is very fast, servers reliability is incredible.

Read More

Leena Mäkinen Creative producer
SEO Stars

We're operating a worldwide network of servers with high quality standards requirements, we’ve choose hostseo to be our perfect partner.

Read More

Ziff Davis CEO at Mashable
SEO Stars

It’s very comfortable to know I can rely about all technical issues on Hostseo and mostly that my website and emails are safe and secured here.

Read More

Isaac H. Entrepreneur
SEO Stars

With hostseo as a hosting partner we are more flexible and save money due to the better packages with great pricing, free SEO n' free SSL too!

Read More

Madeline E. Internet Professional