Replace certificate for https

[aeapra]

I think it’s a quite simple problem, but I’ve just started using Zimbra and I can’t figure it out. I want to use a different certificate for https. Where/How can I replace the certificate that was created during the installation?

We have our own PKI and I have already created the key (openssl req -newkey rsa:2048 -subj "[particular dn]" -keyout server_sec-key.pem -out server.csr -nodes), and received the certificate (server_cert.pem) from our PKI.

I’ve read every certificate related wiki page and forum thread I’ve found, but now I’m even more confused :-) I tried letting Zimbra create the CSR, but it was rejected by our PKI because it does not meet their demands (e.g. 2048 bytes, and particular dn that matches the servers ldap entry).

[Bill Brock]

5.x Commercial Certificates Guide - Zimbra :: Wiki

I figure it will be similar to installing a commercial certificate.

[aeapra]

Yes, it was similar. I admit, I did not read the instructions for ALL third party CAs. The command line instructions for GoDaddy seem to work.

Although I did not understand the difference between /opt/zimbra/ssl/zimbra/commercial/commercial.key and /opt/zimbra/ssl/zimbra/commercial.key. However, using a soft link did work, except for two errors during the deployment:

I was told that both files are the same And I got the errors:
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.

Nevertheless Zimbra starts and the certificate is used.