How can I use the Admin Console to setup SSL for Zimbra Email Server? Linux

SSL certificate is recommended to secure our email transactions.

Before installing the SSL Certificate using the Admin Console, you must first generate the CSR, as detailed in the following Wiki:

For a Commercial SSL, generate a valid CSR (Certificate Signing Request).

setup SSL for Zimbra Email Server
setup SSL for Zimbra Email Server

Select the target server to generate the SSL files like the CSR and the private key:

In the next step, select the option to generate the CSR for the commercial certificate authorizer

CSR for the commercial certificate

In this window, you need to select the next settings:

  • Choose a digest of SHA256 or above, rather than SHA1, which is no longer deemed secure. • Use a key length of 2048 or greater.
  • The Common Name (CN) must be the FQDN you intend to use; if you’re using a Single-Server, the FQDN and hostname should be the same.
  • If you want to utilize a Wildcard SSL certificate for Zimbra as well as the rest of your company’s FQDNs, tick the Wildcard checkbox. Use this option to purchase a Wildcard Certificate if the hostname and FQDN do not match but are in the same domain.
  •  In the Subject Alternative Name (SAN), you can select another name if you will use a Multi-SAN SSL certificate, this option is indicated if you want to have mail.velaninfo.com, etc.

download now the CSR file

After fill the details in above-mentioned form you can download now the CSR file, ready to send to your SSL Certificate Provider, if you miss this step, you can find the csr file in the next path /opt/zimbra/ssl/zimbra/commercial/commercial.csr:

You should receive the next files from Comodo:

  • crt
  • crt
  • crt
  • crt files

Go to Home > Configure > Certificates and click in the settings icon, then click on Install Certificate

install the commercial signed certificate

Select the target server where install the SSL Certificate:

Select the option install the commercial signed certificate

If all the info in the review windows is ok, press next button

Add the files one by one that Comodo sent to you, the Certificate, the root, and the CA:

Select Install button and the SSL Certificate will be installed

Restart the Zimbra services like zimbra user in a CLI session:

zmcontrol restart

You can return to the Admin Console and View the installed Certificate.

At Velan, our server support engineers can help to install Zimbra Mail Server and configure SSL in your server. If you are interested in our service, please fill the Quick connect form to get in touch with us.`

 

Credentials

Quick Connect With Us