Article Information
This article applies to the following ZCS versions.
ZCS 7.0
ZCS 6.0

Installing a *Free* StartSSL SSL certificate with zmcertmgr

Use the article as a guide to installing a StartSSL issued SSL certificate with the zmcertmgr tool.

1. Download the ca.pem [1] and sub.class1.server.ca.pem [2] to /tmp/

2. Cat the CA certs to form a single CA certificate chain file

 cat ca.pem sub.class1.server.ca.pem > ca_bundle.crt

3. Place server certificate in /tmp/ssl.crt.

4. Place the private key in /opt/zimbra/ssl/zimbra/commercial/commercial.key

5. Deploy the commercial certificate with zmcertmgr as the root user.

 cd /opt/zimbra/bin
 ./zmcertmgr deploycrt comm /tmp/ssl.crt /tmp/ca_bundle.crt

6.(As Root User)

/opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/ssl/zimbra/commercial/commercial.crt

7. Restart the zimbra services

 su zimbra
 zmcontrol stop
 zmcontrol start

See: CLI zmtlsctl to set Web Server Mode to enable or require web secure connections.