ZCS Administrator Guide 8.0
ZCS Administrator Guide 8.0
Open Source Edition


Managing ZCS Configuration > Managing SSL Certificates for ZCS

Managing SSL Certificates for ZCS
A certificate is the digital identity used for secure communication between different hosts or clients and servers. Certificates are used to certify that a site is owned by you.
Two types of certificates can be used - self-signed and commercial certificates.
*
A self-signed certificate is an identity certificate that is signed by its own creator.
You can use the Certificate Installation Wizard to generate a new self-signed certificate. This is useful when you use a self-signed certificate and want to change the expiration date. The default is 1825 days (5 years). Self-signed certificates are normally used for testing.
*
A commercial certificate is issued by a certificate authority (CA) that attests that the public key contained in the certificate belongs to the organization (servers) noted in the certificate.
When Zimbra Collaboration Server is installed, the self-signed certificate is automatically installed and can be used for testing Zimbra Collaboration Server. You should generate install the commercial certificate when Zimbra Collaboration Server is used in your production environment.
Installing Certificates
To generate the CSR, you complete a form with details about the domain, company, and country, and then generate a CSR with the RSA private key. You save this file to your computer and submit it to your commercial certificate authorizer.
To obtain a commercially signed certificate, use the Zimbra Certificates Wizard in the administration console to generate the RSA Private Key and Certificate Signing Request (CSR). Go to Home > Certificates and in the gear icon menu select Install Certificates. The Certificate Installation Wizard dialog box displays.
You enter the following information in the wizard:
 
Option 
Description 
Exact domain name that should be used to access your Web site securely.
If you want to manage multiple sub domains on a single domain on the server with a single certificate, check this box. An asterisk (*) is added to the Common Name field.
If you are going to use a SAN, the input must be a valid domain name. When SAN is used, the domain name is compared with the common name and then to the SAN to find a match. You can create multiple SANs. When the alternate name is entered here, the client ignores the common name and tries to match the server name to one of the SAN names.
Download the CSR from the Zimbra server and submit it to a Certificate Authority, such as VeriSign or GoDaddy. They issue a digitally signed certificate.
When you receive the certificate, use the Certificates Wizard a second time to install the certificate on the ZCS. When the certificate is installed, you must restart the server to apply the certificate.
Copyright © 2012 VMware Inc.