Dear members,

Last week, we've ordered a new commercial SSL certificate for our open source Zimbra 7 environment.

Therefore, I have 3 files:
  • A csr file for requesting the commercial certificate (generated by the Zimbra web admin interface)
  • Commercial certificate in pem format (contains 1 begin and end certificate entry) (got from our SSL vendor)
  • Commercial certificate chain file in pem format (contains 3 times a begin and end certificate entry) (got from our SSL vendor)

I've installed them into the web interface of our zimbra environment. After restarting the zimbra service, the new certificate was applied to the admin part (port 7071).

However, it was not applied to the Apache web server that's being used for serving the webmail (port 443). Apache is still using the old certificate.

I've taken a look into /etc/httpd/conf.d/ssl.conf and have those 3 lines in place (refering to the old certificates, not the new ones, apparently...):

SSLCertificateFile /path_to_commercial.crt
SSLCertificateKeyFile /path_to_commercial.key
SSLCertificateChainFile /path_to_commercial_ca.crt
The SSLCertificateFile contains 3 begin and end entries (like the certificate chain certificate of our ssl vendor).
SSLCertificateKeyFile contains a RSA private key entry.
SSLCertificateChainFile contains 2 begin and end certificate entries

As you may understand, I don't understand/know what files have to set here in place. The Zimbra and Apache environment was not set up by me (old colleague who's not working anymore for us).

Currently, the webmail uses the old certificate, but because of the browser warnings (certificate expired) we want to apply the new certificate here as well.

Someone who can help me with this matter?

Thanks in advance.