Zimbra Mail | Extend SSL Certificate

The article is focused on:

• SSL Vendor: SSLS.COM
• Domain Verification: E-mail based

Supporting Readers: MD Reader

Steps

• Login to Lastpass to get credentials for SSLS.COM.

• Login to SSLS.com.

• Go to https://www.ssls.com/user/bundles.

• Use the search on the top right side to filter your domain.

• You have to verify your domain again. So click on ‘resend‘ to send the verification email.

• 

• Click on the ‘Details‘ button, you will see the email address that the domain verification will go to.

• 

• Go to your email box from zimbra portal. Find the email box, right click &click on ‘View Mail‘.

• 

• Open the email verification & copy the code (COPY TO CLIPBOARD).

• 

• Go to the ‘Details’ page and click on ‘Confirm Code Pasted‘. This will automatically paste the code from the clipboard.

• Your page state will change to a waiting status as below.

• 

• Now go back to your email, click on the green colour “here” link, It’s hard to see it as a link.

  • The link URL will look something like: https://secure.trust-provider.com/products/EnterDCVCode?orderNumber=xxxx

• You will be directed to a new page, to enter the code.

• Paste the code there also. and refresh the [SSLS.COM > Detail] page, And you should now get a download link.

• If you are still frozen/stuck at stage-3, If so raise the issue to customer support.

• 

• Once the certificate is ready, you will see ‘Download‘ in stage-3. down the file.

• White list your IP on AWS security group for zimbra-server.

• cd to the downloaded certs location and unzip it.

• SSH to mail server using

  # Mail server IP is 52.42.92.51, change this if something diffrent.
  ssh ubuntu@52.42.92.51 -i FILE-PATH-TO-PEM-FILE/sysdek_servers.pem  
  

• On the mail server

  sudo su
  
  # Create a path to upload certificates temporly
  mkdir -p /home/ubuntu/certificates/2022
  
  #allow to upload remotly
  chown ubuntu /home/ubuntu/certificates/2022
  chmod 777 /home/ubuntu/certificates/2022
  

On local PC

• Execute:

  cd {YOUR-UNZIPED-FOLDER}
  
  # Rename the files to proper standard
  mv mail.sysdek.com.crt commercial.crt
  mv mail.sysdek.com.ca-bundle commercial.ca-bundle
  

• Copy the ca-bundle content to the crt file (append) & save.

• Execute:

  
  #copy the files to the server
  scp -i {FILE-PATH-TO-PEM-FILE}/sysdek_servers.pem commercial.crt commercial.crt ubuntu@52.42.92.51:/home/ubuntu/certificates/2022
  scp -i {FILE-PATH-TO-PEM-FILE}/sysdek_servers.pem commercial.ca-bundle commercial.ca-bundle ubuntu@52.42.92.51:/home/ubuntu/certificates/2022
  

On the mail server

• Execute:

  #switch to Zimbra user
  sudo su
  
  $ Set proper ownership & permissions
  cd /home/ubuntu/certificates/2022
  chown zimbra:zimbra -R ./
  chmod 640 ./commercial.ca-bundle ./commercial.crt
  
  # Switch to Zimbra User
  su zimbra
  
  # Verfy if the certs are workable
  /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./commercial.crt ./commercial.ca-bundle
  
  # [if verified]
  
  # Go to certificate dirrectry
  cd /opt/zimbra/ssl/zimbra/commercial
  
  # Make a backup
  mkdir -p backup/expired_2022
  cp commercial.* /opt/zimbra/ssl/zimbra/commercial/backup/expired_2022
  
  # Move in the new certificates
  mv /home/ubuntu/certificates/2022/commercial.* /opt/zimbra/ssl/zimbra/commercial/
  
  # Deploy certificate
  /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial.ca-bundle
  
  # Restart mail server services
  zmcontrol restart
  
  # Remove the temp folder
  rm /home/ubuntu/certificates/2022/ -r