Prepare the necessary files:
- commercial.key
Contains private key that is used to generate CSR (for a wildcard certificate, this private key can be from another machine from a same domain) - commercial.crt
Contains a commercial SSL certificate that is generated by a CA, such as “RapidSSL Wildcard certificate” in my case - ca_bundle.crt
Contains CA’s bundle such as “RapidSSL/Wildcard SHA-2 under SHA-1 root” from https://www.namecheap.com/support/knowledgebase/article.aspx/9393/69/where-do-i-find-ssl-ca-bundle)
Installation steps:
# su zimbra $ ls /opt/zimbra/ssl/zimbra/commercial/ commercial.key $ ls /tmp/ssl/ ca_bundle.crt commercial.crt $ zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/ssl/commercial.crt /tmp/ssl/ca_bundle.crt ** Verifying '/tmp/ssl/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' Certificate '/tmp/ssl/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. ** Verifying '/tmp/ssl/commercial.crt' against '/tmp/ssl/ca_bundle.crt' Valid certificate chain: /tmp/ssl/commercial.crt: OK $ zmcertmgr deploycrt comm /tmp/ssl/commercial.crt /tmp/ssl/ca_bundle.crt ... ** Copying '/tmp/ssl/commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' ** Copying '/tmp/ssl/ca_bundle.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' ** Appending ca chain '/tmp/ssl/ca_bundle.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' ** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts' ** NOTE: restart mailboxd to use the imported certificate. ... $ zmcontrol restart $ zmcertmgr viewdeployedcrt
Verification:
Verify using https://www.ssllabs.com/ssltest/
Source:
