My quick notes on what I have to do every year to upgrade my Zimbra mail certificate with a new Namecheap SSL certificate:
- Request CSR
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=COUNTRY/ST=STATE/L=LOCATION/O=ORG/OU=OU/CN=CN.EXAMPLE.ORG" -subjectAltNames CN.EXAMPLE.ORGcat /opt/zimbra/ssl/zimbra/commercial/commercial.csr
- Upload CSR, verify domain, receive cert bundle
- Copy CRT & CA Bundle files to /tmp/cert
- Change permissions of files to allow zimbra user to use them:
sudo chown zimbra /tmp/cert
sudo chown zimbra /tmp/cert/* - Verify it works against private key
zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/cert/ISSUED_CRT.crt /tmp/cert/CA_BUNDLE.ca-bundle - Import new key
zmcertmgr deploycrt comm /tmp/cert/ISSUED_CRT.crt /tmp/cert/CA_BUNDLE.ca-bundle - Restart zimbra
zmcontrol restart