Installing a StartSSL SSL Certificate with zmcertmgr

From Zimbra :: Wiki

Jump to: navigation, search
Admin Article

Article Information

This article applies to the following ZCS versions.
  ZCS 7.0 Article  ZCS 7.0
  ZCS 6.0 Article  ZCS 6.0

Installing a *Free* StartSSL SSL certificate with zmcertmgr

WARNING: There are numerous errors on this page. Please use the official wiki at

Use the article as a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool.

1. Download the ca.pem [1] and [2] to /tmp/

2. Cat the CA certs to form a single CA certificate chain file

 cat ca.pem > ca_bundle.crt

3. Place server certificate in /tmp/ssl.crt.

4. Place the private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key

5. Deploy the commercial certificate with zmcertmgr as the root user.

 cd /opt/zimbra/bin
 ./zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt

6.(As Root User)

/opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt

7. Restart the zimbra services

 su zimbra
 zmcontrol stop
 zmcontrol start

See: CLI zmtlsctl to set Web Server Mode to enable or require web secure connections.

Verified Against: Zimbra Collaboration Suite 6.x Date Created: 7/21/2010
Article ID: Date Modified: 10/6/2014
Personal tools