I recently had to install a Comodo SSL certificate onto a Zimbra Server. Unfortunately, if you already have a certificate there is no simple way of installing a SSL certificate that you've already purchased, hence the need for these instructions.

When you purchase a SSL cert from Comodo, you'll end up with three files:

  • $hostname.crt = your cert file
  • $hostname.ca-bundle = the bundle file
  • $hostname.key (the key you produced and used to create the Signing Request).

    • Once you have these three files, copy the first to to your /tmp directory, and copy the key file to:

    /opt/zimbra/ssl/zimbra/commercial/commercial.key

    Once you've done that, you need to download an extra couple of certs from Comodo, depending on when you purchased your certificate. I used the pre-March 2009 version, from here Comodo Downloads.

    Once you've downloaded them, add them to the end of your ca-bundle file.

    With that done, as root, run 

    /opt/zimbra/bin/zmcertmgr verifycrtchain comm /tmp/$hostname.crt /tmp/$hostname.ca-bundle

    Providing that doesn't error out, then you're good to deploy.

    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/$hostname.crt /tmp/$hostname.ca-bundle

    Switch to the Zimbra user:

    su - zimbra

    Then restart all zimbra services:

    zmcontrol restart

    Your new certificates are now installed!