Zimbra 8.x.x – CSR Instructions

To generate a Certificate Signing Request (CSR), a key pair must be created for the server. These two items are your public/private key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued. The private key, CSR and certificate must all match in order for the installation to be successful.

To create a new CSR for your Zimbra system, perform the steps below:

Step 1: Creating your CSR through the Zimbra Admin Console:

1. Open a browser window login to the Zimbra Admin Console.
2. In the left navigation pane under Home click Configure.
   
3. Click Certificate.
   
4. On the right of the Zimbra Admin console click on the settings icon and select Install Certificate.
5. The Certificate Installation Wizard will pop up (Don’t get confused yes indeed you are still creating a CSR)
6. Under Server Name Select the Target server you will generate your CSR for.
7. Click Next.
8. Under Choose the Installation Option select Generate the CSR for the commercial certificate authorizer.
9. Click Next.
10. Specify the following information as it applies to you:
    • From the Digest drop down select sha256.
    • From the Key Length drop down select at least 2048.
    • Common Name: The Common Name is the Host + Domain Name. It looks like “www.company.com” or “company.com”.
    • If you want to use a Wildcard SSL certificate for your Zimbra, and for the rest of you other FQDN. If the hostname and the FQDN doesn’t match, but are in the same domain, If you like check the Use Wildcard Common Name and buy a Wildcard Certificate. Example *.yourdomain.com will work for multiple subdomains as long as the yourdomain.com remains the same.
    • Country Name: The two letter code for your country. Example: US, DE
    • State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California
    • Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
    • Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll.  Example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
    • Organizational Unit (OU): This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.
    • In the Subject Alternative Name (SAN), you can select another names if you will use a Multi-SAN SSl certificate, this option is indicated if you want to have mail.customer1.com, mail.customer2.com, etc.
      Note: Even though you may specify SAN’s  on this CSR you will have to make sure you specify what these extra SAN’s are when enrolling for a SSL Certificate.
11. On the Download the Certificate Signing Request click the Download the CSR link.
12. You can download now the CSR file, ready to send to your SSL Certificate Provider. Open the CSR file in Notepad and copy its entire contents (including the BEGIN and END tags) into the enrollment portal.
    Note: If you miss this step, you can find the csr file in the next path. /opt/zimbra/ssl/zimbra/commercial/commercial.csr:

Your CSR have just generated a CSR for your Zimbra system.

If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.

Zimbra Support:

For more information refer to Zimbra

For Installation Instructions Click HERE.