Zimbra - Forums - View Single Post - [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure

tobru · #27 (**permalink**) 12-30-2007, 09:50 AM

I could successfully resolve all troubles with receiving mails with the above steps.

After that I had another problem and had to restore the previous installation (RC1).

Then I upgraded again to GA and had the same problem with the STARTTLS Connect error. So I followed these steps once again, but it didn't work this time...

All commands are OK (createca, etc), no errors.

Code:

root@james:/opt/zimbra/ssl# /opt/zimbra/bin/zmcertmgr createca
** Creating directory /opt/zimbra/ssl/zimbra
** Creating directory /opt/zimbra/ssl/zimbra/ca
** Creating directory /opt/zimbra/ssl/zimbra/server
** Creating directory /opt/zimbra/ssl/zimbra/commercial
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Retrieving CA private key from ldap...failed.
** Retrieving CA cert from ldap...failed.
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
root@james:/opt/zimbra/ssl# /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving CA in ldap...done.
** Copying CA to /opt/zimbra/conf/ca...done.
root@james:/opt/zimbra/ssl# /opt/zimbra/bin/zmcertmgr install self -new
** Generating a server csr for download
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20071230180147
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Installing Certificates from /opt/zimbra/ssl/zimbra/server/server.crt
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20071230180147
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Installing CA to /opt/zimbra/conf/ca...done.

But everything I see in the log is:

Code:

Dec 30 17:39:15 james postfix/smtpd[10154]: connect from mail.gmx.net[213.165.64.20]
Dec 30 17:39:23 james postfix/trivial-rewrite[10158]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Dec 30 17:39:23 james last message repeated 2 times
Dec 30 17:39:23 james postfix/trivial-rewrite[10158]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Dec 30 17:39:24 james postfix/smtpd[9651]: warning: problem talking to service rewrite: Success
Dec 30 17:39:24 james postfix/smtpd[10154]: warning: problem talking to service rewrite: Connection reset by peer
Dec 30 17:39:24 james postfix/master[9432]: warning: process /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite pid 10158 exit status 1
Dec 30 17:39:24 james postfix/master[9432]: warning: /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite: bad command startup -- throttling

Code:

127.0.0.1       localhost.localdomain localhost
10.0.0.4        james.tobru.ch james

Has anyone an idea what else could be wrong?

Thanks a lot
Best Regards,
Tobias