I decided to try this again. This time I verified that everything was perfect -- I have the correct certificate file, the correct root CA, the correct key. I checked everything over and over with zmcertmgr and it all checked out perfectly.
Then, I used zmcertmgr to install the certificate and the CA certificate, and it was successful. Restarting Zimbra causes certain death.
Code:
zimbra@Zimbra:~/bin$ zmcontrol start
Host zimbra.divergentsystems.net
Starting ldap...Done.
FAILED
Failed to start slapd. Attempting debug start to determine error.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
main: TLS init def ctx failed: -1
I've spent days reading all the documentation and troubleshooting tips. Absolutely nothing works. I upgraded to v5.0.13 a couple of weeks ago, and all was working well.
When I issue `/opt/zimbra/bin/zmcertmgr viewdeployedcrt`:
Code:
::service mta::
notBefore=Jan 30 17:52:00 2009 GMT
notAfter=Jan 31 17:52:00 2010 GMT
subject= /C=US/O=zimbra.divergentsystems.net/OU=GT28814049/OU=See www.rapidssl.com/resources/cps (c)09/OU=Domain Control Validated - RapidSSL(R)/CN=zimbra.divergentsystems.net
issuer= /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
SubjectAltName=
::service proxy::
notBefore=Jan 30 17:52:00 2009 GMT
notAfter=Jan 31 17:52:00 2010 GMT
subject= /C=US/O=zimbra.divergentsystems.net/OU=GT28814049/OU=See www.rapidssl.com/resources/cps (c)09/OU=Domain Control Validated - RapidSSL(R)/CN=zimbra.divergentsystems.net
issuer= /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
SubjectAltName=
::service mailboxd::
notBefore=Jan 30 17:52:00 2009 GMT
notAfter=Jan 31 17:52:00 2010 GMT
subject= /C=US/O=zimbra.divergentsystems.net/OU=GT28814049/OU=See www.rapidssl.com/resources/cps (c)09/OU=Domain Control Validated - RapidSSL(R)/CN=zimbra.divergentsystems.net
issuer= /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
SubjectAltName=
::service ldap::
notBefore=Jan 30 17:52:00 2009 GMT
notAfter=Jan 31 17:52:00 2010 GMT
subject= /C=US/O=zimbra.divergentsystems.net/OU=GT28814049/OU=See www.rapidssl.com/resources/cps (c)09/OU=Domain Control Validated - RapidSSL(R)/CN=zimbra.divergentsystems.net
issuer= /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
SubjectAltName=
So what's wrong? Why won't slapd start? Why does a perfectly good certificate totally trash my Zimbra instance? Am I on my own planet, here?
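The two OpenSSL errors in the slapd debug output above describe different file states: `fopen:No such file or directory` means a configured path does not exist, and `PEM_read_bio:no start line` means a file was opened but contains no `-----BEGIN ...-----` line (empty, DER-encoded, or not a PEM object at all). The check below is an added example, not part of the original post; `pem_status`, `check_role`, `make_samples` and the sample file names are hypothetical, and it inspects PEM markers only.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical;
# the paths to check are supplied by the caller.

# Print how OpenSSL's PEM reader would find FILE:
#   missing               -> fopen fails ("No such file or directory")
#   empty, no-start-line  -> PEM_read_bio reports "no start line"
#   pem:<LABEL>           -> a "-----BEGIN <LABEL>-----" line is present
pem_status() {
    if [ ! -e "$1" ]; then echo "missing"; return 0; fi
    if [ ! -s "$1" ]; then echo "empty"; return 0; fi
    label=$(LC_ALL=C sed -n 's/^-----BEGIN \([A-Z0-9 ]*\)-----.*/\1/p' "$1" | head -n 1)
    if [ -z "$label" ]; then echo "no-start-line"; else echo "pem:$label"; fi
}

# Return 0 only if FILE holds the PEM object expected for ROLE (cert or key).
# This catches a swapped certificate/key pair; it does not validate contents.
check_role() {
    st=$(pem_status "$1")
    case "$2:$st" in
        cert:pem:CERTIFICATE|cert:pem:"TRUSTED CERTIFICATE") return 0 ;;
        key:pem:*"PRIVATE KEY") return 0 ;;
        *) echo "$1: expected $2, found $st" >&2; return 1 ;;
    esac
}

# Constructed sample files (placeholder bodies, not real key material).
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$1/server.crt"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1/server.key"
    printf '0\202\003\000binary-der-like' > "$1/ca.der"   # no PEM markers
    : > "$1/empty.pem"
}

# Demo over the constructed samples, including one path that does not exist.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in server.crt server.key ca.der empty.pem absent.pem; do
    printf '%-12s %s\n' "$f" "$(pem_status "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

Run against every certificate, key and CA file that slapd is configured to load, any result other than `pem:<LABEL>` lines up with one of the two errors in the log.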