This tutorial helps you setup SSL on Zimbra Mail.
Step 1 Install SSL Packages using following command:
# yum install mod_ssl openssl
Step 2 First we generate csr and key file using below command:
# openssl req -new -newkey rsa:2048 -nodes -keyout techoism.key -out techoism.csr
Generating a 2048 bit RSA private key
And fill below information:
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) :California
Locality Name (eg, city) [Default City]:San Jose
Organization Name (eg, company) [Default Company Ltd]:Techoism Ltd.
Organizational Unit Name (eg, section) :IT
Common Name (eg, your name or your server's hostname) :Techoism
Email Address :[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
Step 3 We need to Download Root CA and Intermediate CA certificate from DigiCert.
Step 4 Next, we need to Merge DigiCert CA bundle, Root CA and Intermediate CA Certificate and Replace DigiCert CA bundle with merge file.
Step 5 Replace new certificate name with previous certificate name
Step 6 Run the following command to validate the certificate chain:
# /opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt RootCA.crt
Step 7 Once the certificate chain is validated, you can run the following command to enable the new certificate for use:
# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
Step 8 Run the following command to restart the zimbra service:
# /etc/init.d/zimbra restart
@Note: Default location of SSL in Zimbra “/opt/zimbra/ssl/zimbra/“