Installing a RapidSSL Commercial Certificate

From Zimbra :: Wiki

Jump to: navigation, search
Admin Article

Article Information

This article applies to the following ZCS versions.
  ZCS 6.0 Article  ZCS 6.0
  ZCS 5.0 Article  ZCS 5.0

Istalling a RapidSSL Commercial SSL Certificate

Use the article as a guide to installing a GeoTrust / RapidSSL issued SSL certificate with the zmcertmgr tool.

1. You will receive an e-mail from RapidSSL with your commercial certificate. Locate the [Your RapidSSL certificate:] section within the e-mail and copy the Certificate including the -----BEGIN to END----- to a file server.crt and place this into /tmp/server.crt

2. Copy private key including the -----BEGIN to END----- to /opt/zimbra/ssl/zimbra/commercial/commercial.key (if the file is not already there).

If you have a certificate generated before december 9th 2010:
3. Download the appropriate bundle file from . RapidSSL certificates are always signed by Equifax!! Save this as ca_bundle.crt

If you have a certificate generated after december 9th 2010:
3a. Download the Geotrust root certificate (wget and ca_bundle (wget
3b. Cat the files together: cat GeoTrust_Global_CA.cer RapidSSL_CA_bundle.pem > /tmp/ca_bundle.crt

4. Deploy the commercial certificate with zmcertmgr as the root user.

 # cd /opt/zimbra/bin
 # ./zmcertmgr deploycrt comm /tmp/server.crt /tmp/ca_bundle.crt

Note: The solution above works for Zimbra 5/6


After successfully importing the new certificate and CA bundle, I got the following error when restarting ZCS (6.0.10):

ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: PKIX path building failed: unable to find valid certification path to requested target)

The solution is to add RapidSSL_CA_bundle.pem (the intermediate cert) to the Java keystore:

 # /opt/zimbra/java/bin/keytool -import -alias rapidsslintca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass <password> -file /tmp/RapidSSL_CA_bundle.pem
Verified Against: unknown Date Created: 11/19/2009
Article ID: Date Modified: 01/14/2011
Personal tools