Results 1 to 2 of 2

Thread: Cert Issue/Unable to set STARTTLS

  1. #1
    alteStore is offline Starter Member
    Join Date
    Jun 2008
    Posts
    2
    Rep Power
    7

    Post Cert Issue/Unable to set STARTTLS

    Hello!

    So it looks like our cert expired today as I started getting the error:

    Code:
    error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
    After doing a bit of reading of this forum, and browsing of the wiki, it looks like I could use the "Certificates" feature of the admin interface to make this all good. So I ran it, and the certificates look great from the admin interface, like:

    Code:
    Certificate for Zimbra ldap Service:
    Subject: 	/C=US/ST=N/A/O=Zimbra Collaboration Suite/CN=machine.tld.com
    Issuer:	/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite
    Validation Days: 	Jun 2 20:56:31 2008 GMT - Nov 19 20:56:31 2010 GMT
    However, after generate the certs and rebooting the server, the same error exists. Trying to verify that things look good, I checked what the ca directory looked like. Before it was just 3 files, but after using the admin interface it now looks like:

    Code:
    [root@zimbra log]# ls -Fla /opt/zimbra/ssl/zimbra/ca/
    total 48
    drwxr-----  3 zimbra zimbra 4096 Jun  2 16:56 ./
    drwxr-----  5 zimbra zimbra 4096 Jun  2 16:56 ../
    -rwxr-----  1 root   root    672 Jan 27 09:12 ca.csr*
    -rwxr-----  1 root   root    887 Jan 27 09:12 ca.key*
    -rwxr-----  1 root   root    785 Jan 27 09:12 ca.pem*
    -rw-r-----  1 root   root     11 Jun  2 16:56 ca.srl
    -rw-r--r--  1 root   root     11 Jun  2 16:56 ca.srl.old
    -rw-r-----  1 root   root    107 Jun  2 16:56 index.txt
    -rw-r-----  1 root   root     21 Jun  2 16:56 index.txt.attr
    -rwxr-----  1 root   root      0 Jan 27 09:12 index.txt.old*
    drwxr-----  2 zimbra zimbra 4096 Jun  2 16:56 newcerts/
    -rwxr-----  1 zimbra zimbra 7678 Jan 27 09:17 zmssl.cnf*
    And using openssl, the ca.pem file has *not* been updated/is the same as before I did the admin program.

    I don't want to touch anything else, for fear of messing things up further. Any suggestions? (I'm on version 5.0.1_GA) This error is unfortunately messing up our ability to receive email, and any help would be greatly appreciated.

    Thanks for your time,
    -Nick

  2. #2
    alteStore is offline Starter Member
    Join Date
    Jun 2008
    Posts
    2
    Rep Power
    7

    Default

    Just to followup, the solution in the wiki:

    Problem with Certificate can cause MTA Failure - Zimbra :: Wiki

    Solved our issue!
    -Nick

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Upgraded to 5.0 OSS - Sendmail Problem
    By Chewie71 in forum Installation
    Replies: 11
    Last Post: 12-28-2007, 07:07 PM
  2. Update Received Date in Folder-Listing
    By Oswald-Kolle in forum Installation
    Replies: 25
    Last Post: 08-21-2007, 04:21 PM
  3. set https cert longer than 365 days
    By padraig in forum Developers
    Replies: 4
    Last Post: 05-09-2007, 06:54 AM
  4. SMTP SSL Problem
    By nexus in forum Installation
    Replies: 8
    Last Post: 03-15-2007, 07:26 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •