The Zimbra mail server provides two different methods for generating a Certificate Signing Request (CSR):
- zimbra administration console (web interface)
- zimbra certificate manager (command line interface).
CSR generation via Zimbra Administration Console
To enter the administration console for CSR generation, use the following URL pattern: https: //server.domain.com:7071
In this link, server.domain.com is the current Zimbra server name or IP address; default port is 7071.
1) Put in the complete administrator address, such as [email protected] and then enter the password.
Click Sign In:
2) Click on Configure in the left list of the main menu.
3) In the next window, click on Certificates and pick the option Install Certificate:
4) You will see the separate window where you need to choose the required mail server. Click Next afterwards:
5) Pick the Generate the CSR option to start the generation process:
6) Fill in all necessary information:
- Common Name is a fully qualified domain name for which the SSL will be activated. For SSL Wildcard certificates, an asterisk should be placed in front of the domain name (e.g., *.example.com).
- Country Name is a two capital letter (ISO 3166-1 compliant) code of the country where the company or applicant is located (e.g., US).
- State/Province is a state, county or region where the company or applicant is located (e.g., California).
- City is a city or town, village where the company or applicant is located. (e.g., Los Angeles).
- Organization name is the officially registered name of the organization that applies for a certificate. If you do not have any, put NA here.
- Organizational Unit is the name of the department or division within your organization. If you do not have any, put NA here.
If you are going to activate a single domain SSL certificate, click on the Remove button to delete the Subject Alternative Name. Once done, click Next to proceed:
7) Download the CSR file, open it with any text editor, and copy the whole CSR code including the Begin Certificate and End Certificate lines for further SSL certificate activation in the 1Byte account.
Leverage 1Byte’s strong cloud computing expertise to boost your business in a big way
1Byte provides complete domain registration services that include dedicated support staff, educated customer care, reasonable costs, as well as a domain price search tool.
Elevate your online security with 1Byte's SSL Service. Unparalleled protection, seamless integration, and peace of mind for your digital journey.
No matter the cloud server package you pick, you can rely on 1Byte for dependability, privacy, security, and a stress-free experience that is essential for successful businesses.
Choosing us as your shared hosting provider allows you to get excellent value for your money while enjoying the same level of quality and functionality as more expensive options.
Through highly flexible programs, 1Byte's cutting-edge cloud hosting gives great solutions to small and medium-sized businesses faster, more securely, and at reduced costs.
Stay ahead of the competition with 1Byte's innovative WordPress hosting services. Our feature-rich plans and unmatched reliability ensure your website stands out and delivers an unforgettable user experience.
As an official AWS Partner, one of our primary responsibilities is to assist businesses in modernizing their operations and make the most of their journeys to the cloud with AWS.
FURTHER READING: |
| 1. Generating a CSR on Windows using OpenSSL |
| 2. Generating a CSR using WHM |
| 3. Generating a CSR on Webmin |
CSR generation via Zimbra Certificate Manager (command line interface)
A Zimbra package has the “zmcertmgr” tool to manage SSL certificates.
For versions 8.6 or lower, this tool must be run as root. Run this command in the terminal to get root privileges:
sudo su
Starting from version 8.7 this tool should be run as a zimbra user. Run these commands to switch from the default user to the zimbra user:
sudo su
su zimbra
Run the following command to generate a new CSR code for a single domain SSL certificate:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject “/C=US/ST=CA/L=Los Angeles/O=1Byte/OU=NA/CN=server.domain.com” -noDefaultSubjectAltName
- Where C – Country
- ST – State (region)
- L – Locality (city, town, etc.)
- O – Organization name
- OU – Organization Unit
- CN – Common Name (primary server hostname)
(All this information should be your own contact information)
To generate a CSR for a Wildcard certificate, put the server hostname in this format: *.domain.com
If you would like to generate a CSR for multiple domain names, run this command:
/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject “/C=US/ST=CA/L=Los Angeles/O=1Byte/OU=NA/CN=first.domain.com” -subjectAltNames “second.domain.com,third.domain.com”
Where CN – primary server hostname and subjectAltNames “second.domain.com,third.domain.com” – additional hostnames separated by a comma.
Once the CSR file is generated, open it with this command:
cat /opt/zimbra/ssl/zimbra/commercial/commercial.csr
The CSR code should look like:
Copy the full output including the header —–BEGIN CERTIFICATE REQUEST—– and footer —–END CERTIFICATE REQUEST—– for further SSL activation in the 1Byte account.
Note: The corresponding private key will be saved in this file /opt/zimbra/ssl/zimbra/commercial/commercial.key
It will be required for SSL certificate installation on this or other server.