I just finished deploying a RapidSSL commercial certificate and decided to document it publicly in case someone needs it Feel free to copy and use.
I used OpenSSL to do the job since my service IP and DNS name are different from my server name (which is strongly recommended in production services anyway) and Zimbra certificate tools put the server DNS name in the subject no matter what I put as arguments. Besides it was very simple to do with OpenSSL.
Those are actual steps I made so it should be tested and working. But please comment if you find any mistakes there.
PS. I tried to contact Zimbra about developing a driver to connect it to NetIQ Identity Manager but nobody answered. Things like that are important for Zimbra to be taked as a serious alternative to likes of Exchange. All big organizations do have an identity management system and appreciate compatibility.