Thread: ZCS Network Install: Was working, now possibly broken due to SSL?
View Single Post
  #1 (permalink)  
Old 08-08-2009, 01:21 PM
pilot006 pilot006 is offline
Starter Member
  
Posts: 1
Default ZCS Network Install: Was working, now possibly broken due to SSL?
Hi,

We're in the process of trialing ZCS as a replacement for our 5000 user exchange environment. The install was functioning without an issue, and some work was done yesterday to enable SSL. The certificate looked to be invalid and nothing further was done. This morning our pilot group complained that all Zimbra-based services (POP3, IMAP, Web, XMPP) no longer work. I restarted the server and the zimbra service, and the services still do not work. I checked the logs and I'm seeing errors related to LDAP and SSL:

Sat Aug 8 15:07:40 2009 Skipping getAllMtaAuthURLs ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
Sat Aug 8 15:07:43 2009 Skipping Configuration for server zimbra.golub.com update.
Sat Aug 8 15:07:43 2009 gs:zimbra.golub.com ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
Sat Aug 8 15:07:43 2009 Sleeping...Key lookup failed.
Sat Aug 8 15:07:52 2009 Skipping Global system configuration update.
Sat Aug 8 15:07:52 2009 gacf ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
Sat Aug 8 15:07:56 2009 Skipping All Reverse Proxy URLs update.
Sat Aug 8 15:07:56 2009 Skipping getAllReverseProxyURLs ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
Sat Aug 8 15:08:00 2009 Skipping All Reverse Proxy Backends update.
Sat Aug 8 15:08:00 2009 Skipping getAllReverseProxyBackends ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)


I've tried searching for similar issues but haven't found a direct resolution. Again, this install was working great until some SSL handling changes were attempted yesterday. Is it possible even though the certificate wasn't valid, certain modules are attempting to use SSL and it's not working?
Reply With Quote