We usually get the below four files from Sectigo in the certificate bundle. The file name may vary depending on the certificate type
- yourdomain.com.crt – main certificate
- AAACertificateServices.crt – Root
Certificate
- USERTrustRSAAAACA.crt – Intermediate Certificate – 1
- SectigoRSADomainValidationSecureServerCA.crt – Intermediate Certificate – 2
Step 1: We shall create two files as below
- commercial_ca.crt (includes root certificate and two intermediate certificates)
- commercial.crt (includes main certificate, root certificate and two intermediate certificates)
Step 2: Login to Zimbra server, move to directory /opt/zimbra/ssl/zimbra/commercial and create two files as below.
root@mail:~# cd /opt/zimbra/ssl/zimbra/commercial/
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial_ca.crt
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial.crt
Step 3: Provide ownership to Zimbra.
root@mail:/opt/zimbra/ssl/zimbra/commercial# chown zimbra:zimbra commercial_ca.crt
root@mail:/opt/zimbra/ssl/zimbra/commercial# chown zimbra:zimbra commercial.crt
Step 4: Add the certificates into respective files as mentioned above.
root@mail:/opt/zimbra/ssl/zimbra/commercial# vim commercial_ca.crt
-----BEGIN CERTIFICATE-----
<root certificate is here>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate 1 is here>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate 2 is here>
-----END CERTIFICATE---
root@mail:/opt/zimbra/ssl/zimbra/commercial# vim commercial.crt
-----BEGIN CERTIFICATE-----
<main certificate is here>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<root certificate is here>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate 1 is here>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<intermediate certificate 2 is here>
-----END CERTIFICATE-----
Step 5: Execute below command as Zimbra user to verify the certificate.
zimbra@mail:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
Step 6: Install the certificate.
zimbra@mail:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
Step 7: Restart Zimbra service to take effect the changes.
zimbra@mail:~$ zmcontrol restart
Source: https://tweenpath.net/install-sectigo-domain-validation-ssl-certificate-zimbra/