Installing a StartSSL SSL Certificate with zmcertmgr

From Zimbra :: Wiki

Jump to: navigation, search
   Icon-Archive.png  - This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration.

   Article-alert.png  - This article is a Work in Progress, and may be unfinished or missing sections.

Admin Article

Article Information

This article applies to the following ZCS versions.
  ZCS 7.0 Article  ZCS 7.0
  ZCS 6.0 Article  ZCS 6.0

Installing a *Free* StartSSL SSL certificate with zmcertmgr

WARNING: There are numerous errors on this page. Please use the official wiki at

Use the article as a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool.

1. Download the ca.pem [1] and [2] to /tmp/

2. Cat the CA certs to form a single CA certificate chain file

 cat ca.pem > ca_bundle.crt

3. Place server certificate in /tmp/ssl.crt.

4. Place the private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key

5. Deploy the commercial certificate with zmcertmgr as the root user.

 cd /opt/zimbra/bin
 ./zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt

6.(As Root User)

/opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt

7. Restart the zimbra services

 su zimbra
 zmcontrol stop
 zmcontrol start

See: CLI zmtlsctl to set Web Server Mode to enable or require web secure connections.

Verified Against: Zimbra Collaboration Suite 6.x Date Created: 7/21/2010
Article ID: Date Modified: 04/1/2015
Personal tools