Quote:
|
Originally Posted by marcmac Have you tried recreating your certificates? |
Hope I did this right.
I found another thread in the forum regarding certificates, where u (Marmac) told someone to do this:
Code:
as root:
cd ~zimbra
mv ssl foo
mkdir ssl
chown zimbra ssl
as zimbra:
zmcreateca
zmcreatecert
find ssl/
Should have:
ssl/
ssl/ssl
ssl/ssl/ca
ssl/ssl/ca/ca.pem
ssl/ssl/ca/ca.srl.old
ssl/ssl/ca/ca.key
ssl/ssl/ca/ca.csr
ssl/ssl/ca/ca.srl
ssl/ssl/zmssl.cnf
ssl/ssl/cert
ssl/ssl/server
ssl/ssl/server/tomcat.crt
ssl/ssl/server/server.csr
ssl/ssl/server/tomcat.csr
ssl/ssl/server/server.key
ssl/ssl/server/server.crt
ssl/ssl/newCA
ssl/ssl/newCA/index.txt
ssl/ssl/newCA/newcerts
ssl/ssl/newCA/newcerts/02.pem
ssl/ssl/newCA/index.txt.old
zmcertinstall mailbox
zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key
I tried this and got a couple of errors
Code:
mail:~ # cd ~zimbra
mail:/opt/zimbra # mv ssl foo
mail:/opt/zimbra # mkdir ssl
mail:/opt/zimbra # chown zimbra ssl
mail:/opt/zimbra # su - zimbra
zimbra@mail:~> zmcreateca
** Creating CA private key
Generating a 1024 bit RSA private key
.++++++
..............++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
-----
** Creating CA cert
Signature ok
subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=mail.yellodot.co.za
Getting Private key
unable to write 'random state'
zimbra@mail:~> zmcreatecert
** Importing CA
keytool error: java.lang.Exception: Certificate not imported, alias already exists
** Creating keystore
** Creating server cert request
Generating a 1024 bit RSA private key
..............++++++
.........++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request
Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Mar 2 12:09:40 2006 GMT
Not After : Mar 2 12:09:40 2007 GMT
Subject:
countryName = US
stateOrProvinceName = N/A
organizationName = Zimbra Collaboration Suite
commonName = mail.yellodot.co.za
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
E2:2A:51:DE:72:22:C1:B5:FC:C8:05:FE:28:95:42:41:1C:36:07:04
X509v3 Authority Key Identifier:
DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=mail.yellodot.co.za
serial:00
Certificate is to be certified until Mar 2 12:09:40 2007 GMT (365 days)
Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=mail.yellodot.co.za
Getting CA Private Key
unable to write 'random state'
zimbra@mail:~> find ssl
ssl
ssl/ssl
ssl/ssl/ca
ssl/ssl/ca/ca.csr
ssl/ssl/ca/ca.key
ssl/ssl/ca/ca.pem
ssl/ssl/ca/ca.srl
ssl/ssl/ca/ca.srl.old
ssl/ssl/cert
ssl/ssl/zmssl.cnf
ssl/ssl/newCA
ssl/ssl/newCA/index.txt.old
ssl/ssl/newCA/index.txt
ssl/ssl/newCA/newcerts
ssl/ssl/newCA/newcerts/02.pem
ssl/ssl/newCA/index.txt.attr
ssl/ssl/server
ssl/ssl/server/server.crt
ssl/ssl/server/server.csr
ssl/ssl/server/server.key
ssl/ssl/server/tomcat.crt
ssl/ssl/server/tomcat.csr
zimbra@mail:~> zmcertinstall mailbox
** Importing server cert
keytool error: java.lang.Exception: Public keys in reply and keystore don't match
zimbra@mail:~> zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key
** Importing server cert
zimbra@mail:~>
I have to admit that it's mostly Greek to me!