Zimbra - HowTo make SSL certificate

Generate SSL Certificate CSR for Zimbra and signing it with Microsoft CA


First you must generate a CSR (CertifcateSignRiquest)

# how user root
#/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/CN=zimbadmz.testmail.local/OU=Sistemisti/O=systematica/L=Bologna/ST=Italy/C=IT" -subjectAltNames "zimbadmz.testmail.local,zimbaba.testmail.local"

The CSR File is /opt/zimbra/ssl/zimbra/commercial/commercial.csr

[root@zimbaba ~]# cat /opt/zimbra/ssl/zimbra/commercial/commercial.csr
-----BEGIN CERTIFICATE REQUEST-----
MIICFjCCAX8CAQAwcTEVMBMGA1UEAxMMem1haWwuYWRzLml0MRMwEQYDVQQLEwpT
aXN0ZW1pc3RpMRQwEgYDVQQKEwtzeXN0ZW1hdGljYTEQMA4GA1UEBxMHQm9sb2du
YTEOMAwGA1UECBMFSXRhbHkxCzAJBgNVBAYTAklUMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQC7DX5xHqn075bbWevGOyQXqH0d5p1SRZpxceAklNR2PF2OXum7
0I31Dq2UY307pujJFq0jJtOsMRblPcbMFnttZvKgCRv6S8wauwYxDScD10P2aGLd
KmxXPZow4ko5Dd4FKKjE2TwO+ohBqTqfPCwXU228hHtTo1c1AwkwSvuLsQIDAQAB
oGUwYwYJKoZIhvcNAQkOMVYwVDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DA6BgNV
HREEMzAxghZ6aW1iYWJhLnRlc3RtYWlsLmxvY2Fsghd6aW1iYWRtei50ZXN0bWFp
bC5sb2NhbDANBgkqhkiG9w0BAQUFAAOBgQB9hwQXBCd9Qj2MEw5I5PGtAZS/Hj/1
PoiJce8dCYWioXKnq8vchftz435dBCC3+rztrSqZbihPtFcWMPWs1FiCna2RSO6m
jJ9+wtNspO4RsCvE2DUHflP1mRmHFksh1p6BUyJOLgBHoq0QiG7McE86VwiRs+FB
sddM4kwefEIG8g==
-----END CERTIFICATE REQUEST-----
[root@zimbaba ~]# 


Go to the Microsoft Certification Authority http://srv_ca.domain/CertSrv and paste the content of CSR file.
Create a certificate for "WebServer" and export them in Base64 format.

Copy your RootCA in /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
Copy your CRT in /opt/zimbra/ssl/zimbra/commercial/server.cer

How to verify the cert file:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key \ /opt/zimbra/ssl/zimbra/commercial/server.cer

Now install the cert:
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/server.cer \ /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

Restart and test