
Thread: [SOLVED] 5.0.7 Upgrade Failure - when hostname of server does not match cert

  1. #1
    hurstel, Senior Member (joined Oct 2007; 68 posts)

    I attempted to upgrade ZCS 5.0.6NE to 5.0.7 tonight and everything was going normally like all the other installs, but then I started getting a massive amount of these errors.


    ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLPeerUnverifiedException hostname of the server 'notthereal.servername' does not match the hostname in the server's certificate.)

    It tried to continue and finish the install.

    When I tried starting the server up, I got this error

    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Unable to determine enabled services from ldap.

    and then everything started up but I cannot connect.

    I have called support and also submitted a case via email.


  2. #2
    mmorse, Moderator (joined May 2006; USA; 6,242 posts)

    Handled by support - he'll update the thread later with details after some sleep.

  3. #3
    hurstel, Senior Member (joined Oct 2007; 68 posts)

    Thanks very much to mmorse and network support person Jason Bryan I'm back up and running with 5.0.7. Jason filed a very detailed bug description and I think that best explains everything. Thanks!

    Bug 29600


    Hurstel

  4. #4
    janderson, Active Member (joined Jul 2007; 36 posts)

    Would we be safe from this bug if the host name does not match, but the web access url is listed as an alt name in the cert?

  5. #5
    cjstone, Intermediate Member (joined Jul 2006; 23 posts)

    About the possible fix in the bug report...

    I have a name mismatch cert on my test server, and the install didn't complete for me until I ran zmlocalconfig -e zimbra_require_interprocess_security=0.

    That is, it appears to me that zmlocalconfig -e ssl_allow_untrusted_certs=TRUE does not allow for name mismatches. (I tried that first, without success).

    --Chris

  6. #6
    bdial, Moderator (joined Jul 2007; Baltimore; 1,649 posts)

    Will this fail on a wildcard cert? (*.domain.com)

  7. #7
    tonster, Zimbra Employee (joined Dec 2007; Ypsilanti, MI; 144 posts)

    Upgrade Failure answers!

    janderson,

    This would work fine as long as the server hostname (not necessarily the name you access the server from via http, imap, pop, etc) is either listed as the primary hostname or the SubjectAltName of the certificate.

    cjstone,

    You're correct. ssl_allow_untrusted_certs=TRUE is NOT a good workaround. We're working on correcting some code to allow that setting to work in 5.0.8.

    bdial,

    Wildcard certificates will work correctly.
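
The matching questions raised in posts #4 to #7, worked through as an added example (not part of the thread and not Zimbra's code). It assumes RFC 2818-style rules: SAN DNS entries take precedence over the CN, and a wildcard covers exactly one left-most label. All certificate names and hostnames are constructed.

```python
# Added example: RFC 2818-style hostname matching. Not Zimbra's code.

def dns_name_matches(pattern, hostname):
    """Compare one certificate name with a hostname, label by label.

    A '*' is honoured only as the whole left-most label and stands for
    exactly one label: *.example.com covers mail01.example.com but not
    example.com or mail01.internal.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers_host(common_name, san_dns, hostname):
    """Return the certificate name that covers hostname, or None.

    Assumption: when SAN dNSName entries exist they are the only names
    consulted; the CN is a fallback for certificates without any.
    """
    candidates = list(san_dns) if san_dns else [common_name]
    for name in candidates:
        if name and dns_name_matches(name, hostname):
            return name
    return None


# Constructed sample certificates: (CN, [SAN dNSName entries]).
SAMPLE_CERTS = {
    "web-url-only": ("webmail.example.com", ["webmail.example.com"]),
    "web-url+host": ("webmail.example.com",
                     ["webmail.example.com", "mail01.example.com"]),
    "cn-only-host": ("mail01.example.com", []),
    "host-in-cn-not-san": ("mail01.example.com", ["webmail.example.com"]),
    "wildcard": ("*.example.com", []),
}


def audit(hostname, certs=SAMPLE_CERTS):
    """Map each sample certificate to the name that matched, or None."""
    return {label: cert_covers_host(cn, san, hostname)
            for label, (cn, san) in certs.items()}


if __name__ == "__main__":
    for label, matched in audit("mail01.example.com").items():
        print(f"{label:20} {'OK via ' + matched if matched else 'MISMATCH'}")
```

Under the stated assumption, a certificate that carries SAN entries but names the server hostname only in the CN is reported as a mismatch, so the hostname should be listed in the SAN whenever a SAN is present.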

  8. #8
    dlbewley, Senior Member (joined Sep 2006; Davis, CA; 64 posts)

    Should you maybe point to this thread from the following announcement thread?
    5.0.7 NE Released!

    I've scheduled downtime on Friday to upgrade from 4.5.9, is there any chance (a safe) 5.0.8 will be out by then? There look to be some useful calendar fixes in 5.0.7.

  9. #9
    janderson, Active Member (joined Jul 2007; 36 posts)

    tonster, thanks for clearing that up!

  10. #10
    inigoml, Project Contributor (joined Aug 2006; Madrid, Spain; 124 posts)

    Same problem here when upgrading from 5.0.5 to 5.0.7.
    Fortunately, I've not found problems reverting to 5.0.5, but I prefer to wait until 5.0.8 arrives instead of trying to upgrade again applying workarounds.
