Source: Zimbra Wiki
I bought a commercial SSL certificate and wanted to install it on the Zimbra server. This method uses Zimbra’s zmcertmgr in terminal. First create a csr and get your SSL certificate:
openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr
If the intemediary CA and root CA’s came in separate, files combine them. I was using Comodo’s Positive SSL certificates. In Ubuntu terminal,
cat PositiveSSLCA2.crt AddTrustExternalCARoot.crt > ca_chain.crt
Next, I renamed the server’s SSL certificate to commercial.crt and then verified server’s certificate with the following command:
/opt/zimbra/openssl/bin/openssl verify -CAfile ca_chain.crt commercial.crt
And finally, install the certificate using zmcertmgr
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt ca_chain.crt
You can verify that the installation was successful with the following command:
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
If everything looks okay, restart Zimbra.
zmcontrol restart
Update for Zimbra 8.5
http://wiki.zimbra.com/wiki/Installing_a_GeoTrust_Commercial_Certificate
You need to use the Zimbra’s tool for generating the CSR, or else the private key used in ZCS won’t match.