Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: After installing certificate, Zimbra (slapd) can't start

  1. #1
    gerwin is offline Member
    Join Date
    Jan 2009
    Posts
    12
    Rep Power
    6

    Default After installing certificate, Zimbra (slapd) can't start

    Hya guys,

    In the process of setting up a Zimbra test pilot, we tried to install an official certificate.
    After doing this and doing zmcontrol start it Zimbra fails to start up.

    It give the following error:

    ----------------------------------------------------------------------
    [zimbra@office ~]$ zmcontrol start
    Host XXXX.digitalus.nl
    Starting ldap...Done.
    FAILED
    Failed to start slapd. Attempting debug start to determine error.
    TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
    TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
    main: TLS init def ctx failed: -1
    -----------------------------------------------------------------------

    The SSL certicates test was oke:
    ------------------------------------------------------------------------
    [root@office ssl]# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial.key
    Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial.key) match.
    Valid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
    -------------------------------------------------------------------------

    Could anyone tell me what's this causing? Sollutions on this forum did not helped.

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

  3. #3
    gerwin is offline Member
    Join Date
    Jan 2009
    Posts
    12
    Rep Power
    6

    Default

    Thanks for the quick reply, we are using:

    Release 5.0.12_GA_2789.RHEL5_20090126051426 CentOS5

    And installed a RapidSSL (so not the QuickSSL) certificate (Equifax/Geotrust I believe).

  4. #4
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

  5. #5
    gerwin is offline Member
    Join Date
    Jan 2009
    Posts
    12
    Rep Power
    6

    Default

    I tried the root certificate you told me to use:

    [zimbra@office ssl]$ sudo zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK
    ** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.

    But slapd refuses to start ....

  6. #6
    Dirk's Avatar
    Dirk is offline Moderator
    Join Date
    May 2006
    Location
    England.
    Posts
    927
    Rep Power
    10

    Default

    I think I've had similar problems, slapd was giving a certificate related error for me so I followed the info here Recreating a Self-Signed SSL Certificate - Zimbra :: Wiki (i think) and removed the certs and replaced them with selfsigned ones. That allowed everything to start up ok and from there you can try to get the real cert back on. It's not a fix, but if you need to get the server up then it should help.

  7. #7
    gerwin is offline Member
    Join Date
    Jan 2009
    Posts
    12
    Rep Power
    6

    Default

    Thanks for all the help but this ain't gonna work. Even after recreating a self-signed request slapd spits out the same error.

    Because there is no data yet on this server, it's possible for us to reintstall the server.
    Maybe thats the best "sollution" ....

  8. #8
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Yes you can re-install over the top of the server. It will save your old config first, and then re-apply once installed. It would be worth taking a backup first though.

  9. #9
    gerwin is offline Member
    Join Date
    Jan 2009
    Posts
    12
    Rep Power
    6

    Default

    Reinstalled the stuff, all is up. But I have to admit that getting SSL up and running is a really hard job in Zimbra. I did all steps (web):
    - create a CSR for commercial certificate
    - send CSR to Geotrust
    - received certificate
    - in webmin: install commercial certificate
    - upload both ceriticate and root ca
    - *** Error ***

  10. #10
    gerwin is offline Member
    Join Date
    Jan 2009
    Posts
    12
    Rep Power
    6

    Default

    Guys thanks for all the help! We have it working .... The web function didn't worked first, but trying to do it the CLI way, it worked suddenly. Thanks again for the help

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 9
    Last Post: 03-01-2008, 08:21 PM
  2. zmperditionctl start asking for password
    By k7sle in forum Administrators
    Replies: 32
    Last Post: 02-20-2008, 11:13 AM
  3. Replies: 31
    Last Post: 12-15-2007, 09:05 PM
  4. Can't start Zimbra!
    By zibra in forum Administrators
    Replies: 5
    Last Post: 03-22-2007, 11:34 AM
  5. svn version still won't start
    By kinaole in forum Developers
    Replies: 0
    Last Post: 10-04-2006, 06:47 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •