Installing a certificate on Zimbra 9 and I get the following error message:

** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1):
Error creating PKCS12 MAC; no PKCS12KDF support?
Use -nomac if MAC not required and PKCS12KDF support not available.
80A2D013DE7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (PKCS12KDF : 188), Properties ()
80A2D013DE7F0000:error:1180006B:PKCS12 routines:pkcs12_gen_mac:key gen error:crypto/pkcs12/p12_mutl.c:147:
80A2D013DE7F0000:error:1180006D:PKCS12 routines:PKCS12_set_mac:mac generation error:crypto/pkcs12/p12_mutl.c:220:

Edit /opt/zimbra/bin/zmcertmgr file, go to the line 1817, and add the option “-nomac” to the @out array, like this:

  @out = $self->run(
            $self->Openssl, "pkcs12", "-inkey", $keyf,
            "-in",          $crtf,    "-name",  $server,
            "-export",      "-out",   $pkcsf,   "-passout",
            "pass:$kpass",  "-nomac", "2>&1"
        );

Repeat for line 1878

Now su zimbra and use the zmcertmgr command to install the certificate

Reference: https://community.zextras.com/forum/zimbra-ose-howto/error-openssl-pkcs12-export-to-opt-zimbra-ssl-zimbra-jetty-pkcs12-failed1/