Install SSL on Zimbra Mail
This tutorial helps you setup SSL on Zimbra Mail.
Step 1 Install SSL Packages using following command:
# yum install mod_ssl openssl
Step 2 First we generate csr and key file using below command:
# openssl req -new -newkey rsa:2048 -nodes -keyout techoism.key -out techoism.csr Generating a 2048 bit RSA private key
And fill below information:
Country Name (2 letter code) [XX]:IN State or Province Name (full name) []:California Locality Name (eg, city) [Default City]:San Jose Organization Name (eg, company) [Default Company Ltd]:Techoism Ltd. Organizational Unit Name (eg, section) []:IT Common Name (eg, your name or your server's hostname) []:Techoism Email Address []:dennis.R@techoism.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
Step 3 We need to Download Root CA and Intermediate CA certificate from DigiCert.
Step 4 Next, we need to Merge DigiCert CA bundle, Root CA and Intermediate CA Certificate and Replace DigiCert CA bundle with merge file.
Step 5 Replace new certificate name with previous certificate name
Step 6 Run the following command to validate the certificate chain:
# /opt/zimbra/openssl/bin/openssl verify -CAfile commercial_ca.crt RootCA.crt
Step 7 Once the certificate chain is validated, you can run the following command to enable the new certificate for use:
# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
Step 8 Run the following command to restart the zimbra service:
# /etc/init.d/zimbra restart
@Note: Default location of SSL in Zimbra “/opt/zimbra/ssl/zimbra/“