5.x Commercial Certificates Guide
Important: See Administration Console and CLI Certificate Tools before installing a third party certificate using an article listed below. Third party certificate articles are community contributions and may include unsupported steps.
Administration and CLI Tools
Zimbra offers both Administration Console and Command Line Interface (CLI) tools for installing, viewing, and managing certificates. For more information about these tools, see Administration Console and CLI Certificate Tools.
If you'd like to install a certificate whose CSR was made elsewhere (for instance, if you have a wildcard certificate for your domain), see here: Preexisting Certifcate Installation for Zimbra 6.0
Third Party Certificate Articles
The following third party certificates have their own Wiki articles with installation instructions.
See Installing a StartSSL SSL Certificate with zmcertmgr.
See Installing a Comodo SSL Certificate with zmcertmgr.
See Installing DigiCert commercial certificates.
See Installing a Gandi Commercial Certificate on ZCS 5.0.x and 6.0.x
See Installing a GlobalSign Commercial Certificate
See Installing a GoDaddy Commercial Certificate on ZCS 5.0.x.
Network Solutions Certificate
See Installing a Network Solutions Certificate on ZCS 5.0.x.
Thawte SSL Certificate (SSL123 format)
See Installing a Thawte SSL Certificate on ZCS 5.0.x.
See Installing a Verisign Test Certificate on Zimbra Server.
See Installing a Verisign Secure Site Certificate.
If you are experiencing issues installing, viewing, or managing your certificates, see the Category:Troubleshooting Certificates category.
- Inspect your CSR
openssl req -in <server.csr> -noout -text
- Inspect your certificate
openssl x509 -in <server.crt> -noout -text
- Clear the passphrase of the private key
openssl rsa -in <server.key> -out <server.key.decr>
- Get Jetty keystore password
zmlocalconfig -s -m nokey mailboxd_keystore_password
- Create a CSR via the CLI
sudo /opt/zimbra/bin/zmcertmgr createcsr <self|comm> [-new] [subject] [-subjectAltNames "host1,host2"]
- View deployed certificate via the command line
sudo /opt/zimbra/bin/zmcertmgr viewdeployedcrt
- Convert the cert format from DER to PEM
openssl x509 -in input.cer -inform DER -out output.cer -outform PEM