Adding a GoDaddy SSL Certificate to Zimbra 7

I’ve struggled with getting a GoDaddy-issued SSL certificate installed into a new Zimbra instance for a client. Fortunately I used a virtual machine and was able to make snapshots of the VM along the way. Most of the struggle revolved around the fact that (1) GoDaddy makes the required files available in many versions and formats, and (2) the Zimbra documentation really sucks in this area.

Fortunately I found David McKay’s article How to Renew a GoDaddy Certificate on Zimbra. This gave me insight into which combination of files to use.

Zimbra Installation

  1. The Zimbra instance must install cleanly. My Zimbra installation notes are here.
  2. You must be able to view the Zimbra Certificates page without error. The page is found on the lower portion of the side bar.

The Certificate page in the Zimbra administrative panel.

Get the Certificate Files

  1. Use the Install Certificate button to create the CSR.
  2. Download the CSR.
  3. Paste the CSR into GoDaddy’s SSL certificate page.
  4. When downloading the certificate, there is a list of formats to choose from. Choose Apache.
  5. Also download GoDaddy’s root certificate file gd-class2-root.crt from their Repository page. As of this writing, this is the first file listed.

Installing the SSL Certificate

Back on the Zimbra Certificate page, click on Install Certificate button. You’ll be asked for several files.

  1. Certificate File: This is the new SSL certificate from the zip file. The default name is domain.crt.
  2. Root CA File: This is the file gd-class2-root.crt that you downloaded separately.
  3. Intermediate CA file: This is the file gd_bundle.crt found in the zip file.

This was the combination of files I was looking for but didn’t quite ever get right.

Store these files with backups.

This entry was posted in SysAdmin and tagged , , , , , , , . Bookmark the permalink.

7 Responses to Adding a GoDaddy SSL Certificate to Zimbra 7

  1. Pingback: FYI: How I got a GoDaddy SSL certificate installed into Zimbra 7 - Zimbra :: Forums

  2. Jggonz says:

    Here’s a lengthy write up I made using information from several threads:

    IT Bang Bang: Installing $12.99 GoDaddy SSL Certificate on Zimbra versions 5 and 6

    I hope it helps people get their Certificates properly set up.

    Leave me comments if it worked.

  3. Just to add my bit of wisdom:

    Installing a new GoDaddy “* Cert” / “asterisk Cert” / “wildcard Cert” in Zimbra 7 using CLI:
    The Cert had already been made, not using Zimbra.

    You need 3 files in place:
    a: (your GoDaddy cert)
    b: your private key, and
    c: GoDaddys root CA key.

    And here is the procedure: (as previously stated, it worked for me, but that doesn’t guarantee anything.)

    1: Download your cert file (
    2: Find your private key, and copy it into /opt/zimbra/ssl/zimbra/commercial/commercial.key
    It has to have that particular name; commercial.key
    3: Get the root CA key (gd_bundle.crt) from GoDaddy repository.
    The one labeled “(for cPanel, Plesk, Apache 1.x and 2.x installation only)” worked for me.
    4: Run the following command:

    /opt/zimbra/bin/zmcertmgr deploycrt comm gd_bundle.crt

    After pressing enter, the following happened:

    ** Verifying against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Enter pass phrase for /opt/zimbra/ssl/zimbra/commercial/commercial.key:
    Certificate ( and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: OK

    After that, a few lines showing all kinds of usefule information scrolled by.

    Aaaaaaand we are done! 🙂

  4. Pingback: Zimbra SSL Certification Renewal with Godaddy « .ultrageek.

  5. John Emery says:


    Thought you or someone else looking for info on SHA-2 and zimbra 7 might appreciate this.

    I cannot find any info on the web to help with SHA-2 CSR and zimbra 7. With a combination of this post and hard work I was able to get it to work by modifying the /opt/zimbra/bin/zmcertmgr script (make a backup first!).

    Since zimbra generates CSRs with openssl add the ‘-sha256’ switch to the “${openssl} req” line in the createServerCertReq function. So what looked like this:

    ${openssl} req -new -nodes -out ${current_csr} -keyout ${current_key} \

    Now looks like this:

    ${openssl} req -sha256 -new -nodes -out ${current_csr} -keyout ${current_key} \

    I saved my changes to the script and ran through your steps and the CSR was now SHA-2/SHA256.

    The CSR signature algorithm can be verified via the symantec web tool (and I’m sure many others):


  6. Pingback: Jsp Godaddy – Cyber Sun

  7. Pingback: Download Godaddy Root Ca Certificate

Leave a Reply