Sunday, February 11, 2018

Installing a commercial wildcard SSL cert on Zimbra 8

Install a commercial SSL cert on a Zimbra 8.8 (open source) server

Log in as root, then switch to the zimbra user:
su - zimbra

This SSL cert is a wildcard certificate.

Copy the private key, commercial.crt and commercial-gd_bundle.crt to /tmp on the server.

Change the owner of the cert files to the zimbra user, or give the zimbra user read access to them.

Go to the directory where the files were uploaded:

cd /tmp

The files are:

commercial.key - the private key (the one the CSR was generated from)
company.com.crt - the SSL cert downloaded from the SSL provider
company.com.gd_bundle.crt - the gd_bundle.crt file downloaded from the SSL provider

First verify the certificates.

#command to verify

/opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key company.com.crt company.com.gd_bundle.crt

Copy /tmp/commercial.key to /opt/zimbra/ssl/zimbra/commercial/commercial.key

Once everything checks out, proceed with the deployment.

The server this SSL cert was deployed on is a mailstore server, so you may see mailstore-related services in the output below.

#command to deploy

zmcertmgr deploycrt comm company.com.crt company.com.gd_bundle.crt 

#output below
** Verifying 'company.com.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'company.com.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'company.com.crt' against 'company.com.gd_bundle.crt'
Valid certificate chain: company.com.crt: OK
** Copying 'company.com.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying 'company.com.gd_bundle.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain 'company.com.gd_bundle.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/conf/imapd.keystore'
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/bea3f1c6.0
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink 'bea3f1c6.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '27eb7704.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink 'cbf06781.0' -> 'commercial_ca_2.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt
** Creating CA hash symlink 'f081611a.0' -> 'commercial_ca_3.crt'


#command to restart services

zmcontrol restart

You may then verify via the web UI.
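
The key/certificate match and chain checks that zmcertmgr reports in the output above can also be run by hand with openssl before deploycrt changes anything on the server. The script below is an added example, not part of the original post or of Zimbra; its function names and the mail.company.com host name are assumptions, and it adds two checks the post does not make: that the wildcard actually covers the server's host name, and that the key file is not accessible to other users.

```bash
#!/usr/bin/env bash
# Added example: pre-deployment checks with plain openssl (not Zimbra code).
# Function names are assumptions made for this example.

# True if the private key and the certificate carry the same public key.
key_matches_cert() {  # $1 = private key, $2 = certificate
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the certificate verifies against the CA bundle.
chain_ok() {  # $1 = CA bundle, $2 = certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if the certificate is valid for the host name. A wildcard covers
# exactly one label: *.company.com matches mail.company.com, but not
# company.com and not a.b.company.com.
covers_host() {  # $1 = certificate, $2 = host name clients connect to
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# True if users other than owner and group have no access to the key file.
key_not_world_accessible() {  # $1 = private key
  local mode
  mode=$(stat -c '%a' "$1") || return 2   # GNU stat, e.g. 600 or 640
  case "$mode" in *0) return 0 ;; *) return 1 ;; esac
}

preflight() {  # $1 = key, $2 = cert, $3 = CA bundle, $4 = host name
  local rc=0
  key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
  chain_ok "$3" "$2" || { echo "FAIL: certificate does not verify against bundle"; rc=1; }
  covers_host "$2" "$4" || { echo "FAIL: certificate does not cover $4"; rc=1; }
  key_not_world_accessible "$1" || { echo "FAIL: key file is accessible to other users"; rc=1; }
  if [ "$rc" -eq 0 ]; then echo "OK: all checks passed"; fi
  return "$rc"
}

# Usage (mail.company.com is a placeholder host name):
#   ./preflight.sh commercial.key company.com.crt company.com.gd_bundle.crt mail.company.com
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```

Once deploycrt has succeeded, the copy of commercial.key left in /tmp is no longer needed and can be removed.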