Method 1: Via CLI
1. Login as root.
2. Adjust the following command to match your information: /opt/zimbra/bin/zmcertmgr createcsr comm -new '/C=US/ST=California/L=Los Angeles/O=Company Inc/OU=Department/CN=your.domain.com' Where:
C = 2-digit country code
ST = State/Province
L = City
O = Organization Name
OU = Department (e.g., IT Department)
CN = Common Name (mail.domain.com, *.domain.com)
If you want to include more than one name in the CSR, you can add -subjectAltNames to the end of the command. Example:
/opt/zimbra/bin/zmcertmgr createcsr comm -new '/C=US/ST=California/L=Los Angeles/O=Company Inc/OU=Department/CN=your.domain.com' -subjectAltNames 'www.domain.com, secure.domain.com'
3. Running this command will output the CSR to the following location: /opt/zimbra/ssl/zimbra/commercial/commercial.csr
4. You will then need to use the CSR to place the order for the certificate (select “Other” as the server software when placing your order).
Method 2: Using the Admin Console
1. Login to your Zimbra Admin Console using a browser.
2. In the left navigation pane under Home click Configure. Click Certificate.
3. On the right of the Zimbra Admin console click on the settings icon and select Install Certificate.
4. The Certificate Installation Wizard will pop up. Under Server Name Select the Target server you will generate your CSR for. Click Next.
5. In the next step, select the option Generate the CSR for the commercial certificate authorizer
6. Specify the following information as it applies to you:
- From the Digest drop down select sha256.
- From the Key Length drop down select at least 2048.
- Common Name : The Common Name is the Host + Domain Name. It looks like “www.company.com” or “company.com”. If you are going to get a wildcard certificate, then check Use Wildcard Common name
- State or Province (S) Spell out the state completely; do not abbreviate the state or province name, for example California
- Locality or City (L) The Locality field is the city or town name, for example Berkeley.
- Organization (O) If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. Example XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational Unit (OU) This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.
- In the Subject Alternative Name (SAN), you can select another names if you will use a Multi-SAN SSl certificate, this option is indicated if you want to have mail.customer1.com, mail.customer2.com, etc.
Note: Even though you may specify SAN’s on this CSR you will have to make sure you specify what these extra SAN’s are when enrolling for a SSL Certificate.
- Click 'Next' if you have finished filling up the form
Note: Even though you may specify SAN’s on this CSR, you will have to make sure you specify what these extra SAN’s are when enrolling for a SSL Certificate.
7. In the next page click the 'Download the CSR link' to download your CSR file.
Note: If you miss this step, you can find the csr file in the next path. /opt/zimbra/ssl/zimbra/commercial/commercial.csr
8. Open the CSR file in Notepad and copy its entire contents (including the BEGIN and END tags) into the Sectigo Account page where the CSR will be requested. (select “Other” as the server software when placing your order).