Installing a Comodo SSL Certificate on Zimbra Collaboration

Installing a Comodo SSL Certificate on Zimbra Collaboration

   KB 2577        Last updated on 07/11/2015  




0.00
(0 votes)
Article-check.png  - This is certified documentation and is protected for editing by Zimbra Employees & Moderators only.
 - This article is a Work in Progress, and may be unfinished or missing sections.

Installing a Comodo SSL Certificate

Use the article as a guide to installing a Comodo issued SSL certificate with the zmcertmgr tool or the Admin Console.

Using the CLI

  • 1. Get the bundle from Comodo in crt format, or sometimes like a zip file.
  • 2. Place the bundle on your Zimbra mailbox server. You should receive the next files:
    • AddTrustExternalCARoot.crt
    • COMODORSAAddTrustCA.crt
    • COMODORSADomainValidationSecureServerCA.crt
    • my_domain_com.crt files

Note the root and intermediate files may have different names depends of the SSL Certificate, like PositiveSSL, etc.

  • 3. Cat the CA certs to form a single CA certificate chain file
 cat AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt > /tmp/commercial_ca.crt
  • 4. Place the SSL certificate in /tmp/commercial.crt.
 cp my_domain_com.crt /tmp/commercial.crt
  • 5. Check that your SSL certificate, your private key and the Intermediate CA are OK, this step is important and you should not continue if you receive an error here:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/commercial_ca.crt 
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
  • 6. Deploy the commercial certificate with zmcertmgr as the root user.
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt 
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /tmp/commercial.crt: OK
** Copying /tmp/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /tmp/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
  • 7. Restart the Zimbra Services
zmcontrol restart

Using the Admin Console

Before install the SSL Certificate using the Admin Console, you should generated the CSR before following the steps indicated in the next Wiki:

You should receive the next files from Comodo:

    • AddTrustExternalCARoot.crt
    • COMODORSAAddTrustCA.crt
    • COMODORSADomainValidationSecureServerCA.crt
    • my_domain_com.crt files

Go to Home > Configure > Certificates and click in the settings icon, then click on Install Certificate

Zimbra-ssl-adminconsole-001.png

Select the target server where install the SSL Certificate:

Zimbra-ssl-adminconsole-002.png

Select the option Install the commercial signed certificate

Zimbra-ssl-adminconsole-007.png

If all the info in the review windows is ok, press Next button

Zimbra-ssl-adminconsole-008.png

Add the files one by one that Comodo sent to you, the Certificate, the root, and the CA:

Zimbra-ssl-adminconsole-009.png

Select Install button and the SSL Certificate will be installed

Zimbra-ssl-adminconsole-010.png

Restart the Zimbra services like zimbra user in a CLI session:

zmcontrol restart

You can return to the Admin Console and View the installed Certificate

Zimbra-ssl-adminconsole-011.png

Additional Content

Verified Against: Zimbra Collaboration 8.x, 8.0.x, 7.x Date Created: 9/2/2008
Article ID: http://wiki.zimbra.com/index.php?title=Installing_a_Comodo_SSL_Certificate_on_Zimbra_Collaboration Date Modified: 07/11/2015



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Wiki/KB reviewed by Jorge SME2 Copyeditor Last edit by Jorge de la Cruz Mingo
Jump to: navigation, search