Sunday, April 2, 2023

Install a Sectigo Domain Validation SSL certificate in Zimbra

We usually get the below four files from Sectigo in the certificate bundle. The file name may vary depending on the certificate type 

  1. yourdomain.com.crt – main certificate 
  2. AAACertificateServices.crt – Root Certificate 
  3. USERTrustRSAAAACA.crt – Intermediate Certificate – 1
  4. SectigoRSADomainValidationSecureServerCA.crt – Intermediate Certificate – 2 

 Step 1: We shall create two files as below

  • commercial_ca.crt (includes root certificate and two intermediate certificates)
  • commercial.crt (includes main certificate, root certificate and two intermediate certificates)
Step 2: Login to Zimbra server, move to directory /opt/zimbra/ssl/zimbra/commercial and create two files as below.

root@mail:~# cd /opt/zimbra/ssl/zimbra/commercial/
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial_ca.crt
root@mail:/opt/zimbra/ssl/zimbra/commercial# touch commercial.crt

Step 3: Provide ownership to Zimbra.

root@mail:/opt/zimbra/ssl/zimbra/commercial# chown zimbra:zimbra commercial_ca.crt
root@mail:/opt/zimbra/ssl/zimbra/commercial# chown zimbra:zimbra commercial.crt

Step 4: Add the certificates into respective files as mentioned above.

root@mail:/opt/zimbra/ssl/zimbra/commercial# vim commercial_ca.crt

-----BEGIN CERTIFICATE-----
<root certificate is here>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
<intermediate certificate 1 is here>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
<intermediate certificate 2 is here>
-----END CERTIFICATE---

root@mail:/opt/zimbra/ssl/zimbra/commercial# vim commercial.crt

-----BEGIN CERTIFICATE-----
<main certificate is here>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
<root certificate is here>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
<intermediate certificate 1 is here>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
<intermediate certificate 2 is here>
-----END CERTIFICATE-----

Step 5: Execute below command as Zimbra user to verify the certificate.


zimbra@mail:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

Step 6: Install the certificate.

zimbra@mail:~/ssl/zimbra/commercial$ /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt


Step 7: Restart Zimbra service to take effect the changes.

zimbra@mail:~$ zmcontrol restart

Source: https://tweenpath.net/install-sectigo-domain-validation-ssl-certificate-zimbra/

Renew letsencrypt ssl certificate for zimbra 8.8.15

 Letsencrypt certs usually consists of these files: 1. cert.pem 2. chain.pem 3. fullchain.pem 4. privkey.pem I am not going to discuss about...