To create a new CSR for your Zimbra system, perform the steps below:
Step 1: Creating your CSR through the Zimbra Admin Console:
- Open a browser window login to the Zimbra Admin Console.
- In the left navigation pane under Home click Configure.
- Click Certificate.
- On the right of the Zimbra Admin console click on the settings icon and select Install Certificate.
- The Certificate Installation Wizard will pop up (Don’t get confused yes indeed you are still creating a CSR)
- Under Server Name Select the Target server you will generate your CSR for.
- Click Next.
- Under Choose the Installation Option select Generate the CSR for the commercial certificate authorizer.
- Click Next.
- Specify the following information as it applies to you:
- From the Digest drop down select sha256.
- From the Key Length drop down select at least 2048.
- Common Name: The Common Name is the Host + Domain Name. It looks like “www.company.com” or “company.com”.
- If you want to use a Wildcard SSL certificate for your Zimbra, and for the rest of you other FQDN. If the hostname and the FQDN doesn’t match, but are in the same domain, If you like check the Use Wildcard Common Name and buy a Wildcard Certificate. Example *.yourdomain.com will work for multiple subdomains as long as the yourdomain.com remains the same.
- Country Name: The two letter code for your country. Example: US, DE
- State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California
- Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
- Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. Example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational Unit (OU): This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.
- In the Subject Alternative Name (SAN), you can select another names if you will use a Multi-SAN SSl certificate, this option is indicated if you want to have mail.customer1.com, mail.customer2.com, etc.
Note: Even though you may specify SAN’s on this CSR you will have to make sure you specify what these extra SAN’s are when enrolling for a SSL Certificate.
- On the Download the Certificate Signing Request click the Download the CSR link.
-
Open CSR file with Notepad or Wordpad, copy all and paste into this tool can test CSR is valid and accurate or not: https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp
Note: If you miss this step, you can find the csr file in the next path. /opt/zimbra/ssl/zimbra/commercial/commercial.csr -
Copy the entries of CSR file and send it to VietNamHost , or paste it to the online SSL order screen on VietNamHost website.
After you receive your SSL Certificate from VietNamHost, you can install it.
See Zimbra SSL Installation Instructions.
