Create CSR on Zimbra and SSL Installation
Zimbra CSR Creation
- Log in as root.
- Adjust the following command to match your information: /opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=US/ST=NJ/L=Clifton/O=Company Inc/OU=Department/CN=your.domain.com" Where:
- Running this command will output the CSR to the following location: /opt/zimbra/ssl/zimbra/comodo/comodo.csr
- You will use the CSR to place the order for the certificate (select “Other” as the server software when placing your order).
- Once you receive the .zip containing the certificate files, extract the “certs” folder somewhere on your server. We will be combining some the files you received in to a PEM format. To create the pem file, you can reference our PEM instructions or follow the next steps of these instructions.
- Take your server certificate (your_domain_name.crt) and copy it to a file called comodo.crt in the following directory: /opt/zimbra/ssl/zimbra/comodo/
- With a text editor (such as wordpad or notepad), copy and paste the entire body of each of the following certificates into one text file in the following order:
- The First Intermediate Certificate - COMODORSACA.crt
- he Second Intermediate Certificate(if a 2nd intermediate cert is supplied) – COMODORSADomainValidation.crt
- The Root Certificate - AddTrustExternalCAROOT.crt
- Save the combined file as comodorsaaddtrustca.crt in the following directory: /opt/zimbra/ssl/zimbra/comodo/
- Run the following command to validate the certificate chain: /opt/zimbra/openssl/bin/openssl verify -CAfile comodorsaca.crt comodorsadomainvalidation.crt
- Once the certificate chain is validated, you can run the following command to enable the new certificate for use: /opt/zimbra/bin/zmcertmgr deploycrt comm comodorsadomainvalidation.crt comodorsaca.crt
C = 2-digit country code
ST = State/Province
L = City
O = Organization Name
OU = Department (e.g., IT Department)
CN = Common Name (mail.domain.com, *.domain.com)
If you want to include more than one name in the CSR, you can add -subjectAltNames to the end of the command. Example:
/opt/zimbra/bin/zmcertmgr createcsr comm -new "/C=US/ST=NJ/L=Clifton/O=Company Inc/OU=Department/CN=your.domain.com" -subjectAltNames "www.domain.com, secure.domain.com"
Zimbra SSL Installation
Make sure to include the beginning and end tags on each certificate. The result should look like this:
(Your First Intermediate certificate: ComodoRSAAddTrustCA.crt)
(Your Second Intermediate certificate (if applicable): ComodoRSADomainValidation.crt)
(Your Root certificate: AddTrustExternalCAROOT.crt)
The SSL certificate should now be active.