We had a really interesting experience learning the exact steps for a multi-node commercial certificate install.
First of all, our csr includes the Common Name of webmail.ourdomain.com, and in the Subject Alt Names we list all of our server names (ldap1.ourdomain.com,ldap2.,mta1.,mta2.,store1., etc.) as well as the names we give to our users (webmail.ourdomain.com, smtp.ourdomain.com, imap.ourdomain.com, etc).
With that csr we purchased our certificate from Geotrust and after a bit of trial and error, realized these steps work flawlessly:
In /tmp place:
ca.crt (downloaded from Geotrust website)
ca_intermediary.crt (downloaded from Geotrust website)
commercial.crt (purchased from Geotrust)
In /opt/zimbra/ssl/zimbra/commercial place:
commercial.key
commercial.csr
(these are originally from the server the csr was created on, both were created when we generated the csr)
cat /tmp/ca.crt /tmp/ca_intermediary.crt > /tmp/ca_chain.crt
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
zmcontrol stop
zmcontrol start
We performed these steps on each of the servers and we were up and running.
Thanks,
Eric  | 
Bugzilla
Wiki
Source
Linear Mode
