I just tried to deploy our commercial wild-card SSl cert from Digicert. I followed this: Installing a Network Solutions Certificate on ZCS 5.0.x - Zimbra :: Wiki and adapted it slightly:

1. I created a CSR via Zimbra Web interface

2. requested an additional Tomcat SSL cert on the DigiCert website (already using one for Apache on several websites)

3. Got files: commercial.csr and commercial.key (created by Zimbra), downloaded: DigiCertCA.crt (intermediate cert, TrustedRoot.crt (root cert), star_example.com.p7b, star_example.com.crt.

4. as root: "cat DigiCertCA.crt TrustedRoot.crt >/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt"

5. checked the certfiles: "/opt/zimbra/bin/zmcertmgr verifycrt comm":
** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK

6. deployed it: "/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt":
mail:/opt/zimbra/ssl/zimbra/commercial root# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
cp: /opt/zimbra/ssl/zimbra/commercial/commercial.crt and commercial.crt are identical (not copied).
** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
cp: /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt and commercial_ca.crt are identical (not copied).
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.

7. restarted Zimbra as user zimbra: "zmcontrol stop;zmcontrol start" but then I ge tthe dreaded error:
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.

After cleaning out /opt/zimbra/log/ I get this:
Starting ldap...Done.
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

I just wanted to get fresh log files for easier diagnosing the problem but now I don't get any log messages at all ...
so it appears as if some components cannot access the LDAP store any longer.

How can that happen and what do I do now?