5.x Commercial Certificates Guide
Important: See Administration Console and CLI Certificate Tools before installing a third party certificate using an article listed below. Third party certificate articles are community contributions and may include unsupported steps.
Administration and CLI Tools
Zimbra offers both Administration Console and Command Line Interface (CLI) tools for installing, viewing, and managing certificates. For more information about these tools, see Administration Console and CLI Certificate Tools.
Preexisting Certificates
If you'd like to install a certificate whose CSR was made elsewhere (for instance, if you have a wildcard certificate for your domain), see here: Preexisting Certifcate Installation for Zimbra 6.0
Third Party Certificate Articles
The following third party certificates have their own Wiki articles with installation instructions.
StartSSL
See Installing a StartSSL SSL Certificate with zmcertmgr.
Comodo SSL
See Installing a Comodo SSL Certificate with zmcertmgr.
DigiCert
See Installing DigiCert commercial certificates.
Gandi
See Installing a Gandi Commercial Certificate on ZCS 5.0.x and 6.0.x
GeoTrust Certificate
See Installing_a_GeoTrust_Commercial_Certificate
GlobalSign Certificate
See Installing a GlobalSign Commercial Certificate
GoDaddy Certificate
See Installing a GoDaddy Commercial Certificate on ZCS 5.0.x.
IPSCA Certificate
See Installing_a_IPSCA_Commercial_Certificate
Network Solutions Certificate
See Installing a Network Solutions Certificate on ZCS 5.0.x.
RapidSSL Certificate
See Installing_a_RapidSSL_Commercial_Certificate
Thawte SSL Certificate (SSL123 format)
See Installing a Thawte SSL Certificate on ZCS 5.0.x.
Verisign
See Installing a Verisign Test Certificate on Zimbra Server.
See Installing a Verisign Secure Site Certificate.
Troubleshooting
If you are experiencing issues installing, viewing, or managing your certificates, see the Category:Troubleshooting Certificates category.
Misc
- Inspect your CSR
openssl req -in <server.csr> -noout -text
- Inspect your certificate
openssl x509 -in <server.crt> -noout -text
- Clear the passphrase of the private key
openssl rsa -in <server.key> -out <server.key.decr>
- Get Jetty keystore password
zmlocalconfig -s -m nokey mailboxd_keystore_password
- Create a CSR via the CLI
sudo /opt/zimbra/bin/zmcertmgr createcsr <self|comm> [-new] [subject] [-subjectAltNames "host1,host2"]
- View deployed certificate via the command line
sudo /opt/zimbra/bin/zmcertmgr viewdeployedcrt
- Convert the cert format from DER to PEM
openssl x509 -in input.cer -inform DER -out output.cer -outform PEM