Installed Zimbra 6.0.1 NE on RHEL 5 and restored our system/accounts from another server (Zimbra 6.0.1 on Mac OS X 10.4); went great. Tried to install a certificate from GoDaddy.com, which I have done about 7-8 times before on previous versions (always 5.0+) including Mac server (6.0), and never had a problem like this.
Lots of great help in the forums; since GoDaddy now requires 2048-bit keys in the CSR, I used
Code:
/opt/zimbra/bin/zmcertmgr createcsr comm -keysize 2048 -new "/C=Country/ST=State/L=City/O=XXX/OU=XXX/CN=xxx.xxx.com" -subjectAltNames "xxx.xxx.com"
From here I proceeded to use the admin console to install the GoDaddy Tomcat cert as follows:
Certificate: xxx.xxx.com.crt
Root: gd_bundle.crt
First Intermediate: gd_cross_intermediate.crt
Second Intermediate: gd_intermediate.crt
I know the wiki and others have used different chaining here, but this is what I found to work numerous versions ago and it has worked until now. The strange thing is that all seems to work, the certificates install, and it isn't until I do zmcontrol stop/start that I get
Code:
Host xxx.xxx.com
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
which renders Zimbra useless. I even tried to recreate a self-signed certificate, but without LDAP running, parts fail and I can't get Zimbra running again unless I uninstall/reinstall.
This is the only other post with my exact error (signature check failed):
Code:
noviimail zimbramon[5443]: 5443:info: zmmtaconfig: gacf ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
I have looked at numerous posts on GoDaddy/SSL, ldap failed to start, PKIX path building, and some other things. Nothing has worked as of yet, but I am open to thoughts, ideas, and suggestions.