I let our certificate expire, due to poor planning, and was not able
to use the Certificate Tool to generated a new CSR. ( I assume because
cert had expired ).
Tried to generate a CSR using the commercial.key as noted
in the wiki but I could not find a way to generate a 2048 bit key.
GoDaddy appears to require a 2048 bit setup hence I decided to try
brute force and do everything the long way. Here were the steps.
0) Make a working directory and work out of it, FOR example.
1) Generate a key ( has to have a password initially ?? )
openssl genrsa -des3 -out zimbra_password.key 2048
2) remove the password from key file ( use password set in step 1 above )
openssl rsa -in zimbra_password.key -out zimbra.key
3) generate CSR ( make sure CN is correct for application etc)
openssl req -new -key zimbra.key -out zimbra.csr
4) view and verify CSR values, this is optional step.
openssl req -noout -text -in zimbra.csr
5) copy & paste contents of zimbra.csr to godaddy as needed.
6) download domain_certificate.zip from godaddy as needed.
7) unzip file should be 2 files www.domain.com.crt and gd_bundle.crt
8) make copy of www.domain.com.crt to commercial.crt to make things clean.
cp www.domain.com.crt commercial.crt
10) copy new key to zimbra path, MAY want to backup current key first.
cp zimbra.key /opt/zimbra/ssl/zimbra/commercial/commercial.key
11) verify crt from working dir or fix the paths below.
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt gd_bundle.crt
12) if verify step above is okay, deploy certificate.
/opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt gd_bundle.crt
13) Cross your fingers and read the results of the deployment.
14) restart zimbra, reboot server etc.
These steps appear to work for us, using Zimbra 5.0.18 NE (expired lic)