I gave it a try on the console:
1. copy a private key to
/opt/zimbra/ssl/zimbra/commercial/commercial.key
2. deploy ca bundle
/opt/zimbra/bin/zmcertmgr deployca /path-to-ca-bundle/commercial_ca.crt
3. copy a ca bundle to:
/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
4. verify key and cert
/opt/zimbra/bin/zmcertmgr verifycrt comm /yourpath/commercial.key /yourpath/commercial.crt
5. deploy cert
/opt/zimbra/bin/zmcertmgr deploycrt comm /yourpath/commercial.crt /yourpath/commercial_ca.crt
6. restart zimbra
/etc/init.d/zimbra stop
/etc/init.d/zimbra start
All above actions finished ok.
now it still doesn't start correctly.
Code:
Mar 19 19:03:01 mx2 zimbramon[31570]: 31570:info: zmmtaconfig: gacf ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
Mar 19 19:03:04 mx2 zimbramon[31570]: 31570:info: zmmtaconfig: Skipping getAllReverseProxyURLs ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
All other errors are compaining: "system failure: ZimbraLdapContext"