Zimbra

tvcian · #1 (**permalink**) 10-15-2008, 09:25 AM

Hello all,

First, thanks in advance for any help you might be able to give. I've been struggling mightily with this one issue and it could not have come at a worse time.

I am in the process of migrating my whole company from Exchange to Zimbra on CentOS 5.2 (Hurray!), however the From sorting is broken and I need to upgrade to 5.0.10 to get that addressed. When I upgrade to 5.0.10 however, I can not start zimbra, it failed while trying to start ldap with this error "TLS init def ctx failed: -1".

Digging a little deeper, I find that I am getting the following error when tring to start zimbra: TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:352

Appears to be SSL related, but I can not pin down what is exactly missing, or what file it can not find.

After 2 attempts and absolutely no success, I had to roll back to my backup, which of course works like clock work.

Does anyone have any insight that may help?

Again, thanks in advance.

quanah · #2 (**permalink**) 10-15-2008, 10:07 AM

The error generally indicates the cert files are not readable or don't exist, which the fopen error confirms.

tgx · #3 (**permalink**) 10-15-2008, 10:26 AM

Please see this thread and see if it helps.

http://www.zimbra.com/forums/adminis...e-problem.html

I think you've hit a known problem with 5.0.10. Be very careful when you upgrade as there are often gotchas.

tvcian · #4 (**permalink**) 10-21-2008, 08:10 AM

Thanks so much for the info, I think Im prepared to have another go at it.

Is there a command or series of commands I can use to create and install new certificates to resolve this issue?

I am going to try the upgrade again this weekend, and in the worst case scenario, Id like to have a backup plan.

uxbod · #5 (**permalink**) 10-21-2008, 08:33 AM

Recreate a self-signed certificate.

tvcian · #6 (**permalink**) 10-21-2008, 08:43 AM

I was afraid Id get that answer.

I tried that already, step by step, and it did not resolve the problem. Zimbra would not start and the error remained the same.

tgx · #7 (**permalink**) 10-21-2008, 01:10 PM

Quote:

Originally Posted by tvcian

I was afraid Id get that answer.

I tried that already, step by step, and it did not resolve the problem. Zimbra would not start and the error remained the same.

Did you try this from the "5.0.10 upgrade problem" thread ?:

-----------------------------------------------------------
As per support instructions the fix was:

1) Clear all the contents of the /opt/zimbra/conf/ca directory by backing them up
somewhere on disk.
2) Copy the /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/conf/ca/ca.key
3) Copy /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/conf/ca/ca.pem
4) Create the hash value
ln -f -s ca.pem /opt/zimbra/conf/ca/`openssl x509 -hash -noout -in
/opt/zimbra/conf/ca/ca.pem`.0
5) Chmod 644 /opt/zimbra/conf/ca/*
6) Restart the zmcontrol
--------------------------------------------------------

tvcian · #8 (**permalink**) 10-21-2008, 02:05 PM

Thanks very much. Ill certainly try that on my next attempt.

jars99 · #9 (**permalink**) 11-25-2008, 01:03 AM

Problem still exists - fix works

I just upgraded from 5.0.6 to 5.0.11, and had this exact problem. I followed the instructions on the post above (as the root user, restarting zimbra as the zimbra user), and now it looks like everything's working.

Can a fix be applied so other people don't have this problem?

frankb · #10 (**permalink**) 12-02-2008, 06:10 PM

I Could not get into Zimbra from browser, zmcontrol showed everything down was receiving many errors one of which was: zimbra TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:352

1. I removed ssl folder and recreated etc by doing the following:
(Base on Recreating a Self-Signed SSL Certificate - Zimbra :: Wiki)

As Root:
rm -rf /opt/zimbra/ssl
mkdir /opt/zimbra/ssl
chown zimbra:zimbra /opt/zimbra/ssl
chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts
chmod 644 /opt/zimbra/java/jre/lib/security/cacerts

As zimbra:
keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass zimbra
zmlocalconfig -s -m nokey mailboxd_keystore_password

As root:
/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr deployca -localonly
/opt/zimbra/bin/zmcertmgr createcrt self -new
/opt/zimbra/bin/zmcertmgr deploycrt self

As zimbra
zmcontrol start

2. THen I followed the following steps:

--Clear all the contents of the /opt/zimbra/conf/ca directory by backing them up somewhere
--Copy the /opt/zimbra/ssl/zimbra/ca/ca.key /opt/zimbra/conf/ca/ca.key
--Copy /opt/zimbra/ssl/zimbra/ca/ca.pem /opt/zimbra/conf/ca/ca.pem
--Create the hash value by doing the following
--ln -f -s ca.pem /opt/zimbra/conf/ca/`openssl x509 -hash -noout -in
--/opt/zimbra/conf/ca/ca.pem`.0
--chmod 644 /opt/zimbra/conf/ca/*
--Restart the zmcontrol

3. I restarted zimbra (su zimbra then zmcontrol restart) and everyting came up ok.

Zimbra

Downloads

Product Information

Toolbox

Why Join?