
Thread: [SOLVED] 5.0.9 -> 6.0.2 Migration problems

  1. #1
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7

    Angry [SOLVED] 5.0.9 -> 6.0.2 Migration problems

    Upgraded this AM, the upgrade wiped out my Go Daddy cert for the server.

    I have the 5.0.x versions on a backed-up system.

    Any ideas on how to get them into the 6.0.2 system???


    I have a support contact opened but still no response.

    !!! Why is it that EVERY time we do an upgrade something goes bad????

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,569
    Rep Power
    57

  3. #3
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,373
    Rep Power
    10

    Default

    That's unfortunate for sure, but if you have the GoDaddy certs why not just reinstall them?

    The wiki lists the techniques for doing this via both the Admin Console and the commandline. We have seen this before ourselves, and while I am not trying to be an apologist for Zimbra, "it is what it is".

    Post again if you have problems reinstalling the cert.

    Also, when you categorized your support request, if you use the redirect method for users to log in, you are effectively down and IMHO would be entitled to U2 level support.

    Hope that helps,
    Mark

  4. #4
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7

    Default

    Phoenix, and LMStone

    I have access to the 5.0.x files to try your suggestions, problem is "Where did 5.0.x save the files needed?"

    Are you saying I need to go through the create csr, get cert, install cert again?

    I would like to reset the certs back from the 5.0 system.

    I also have copies of the certs, i.e. *.crt files from Go Daddy, and the original *.csr file. But what about the keys used to generate those files?

  5. #5
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,373
    Rep Power
    10

    Default

    Quote Originally Posted by jrefl5
    Phoenix, and LMStone

    I have access to the 5.0.x files to try your suggestions, problem is "Where did 5.0.x save the files needed?"

    Are you saying I need to go through the create csr, get cert, install cert again?

    I would like to reset the certs back from the 5.0 system.

    I also have copies of the certs, i.e. *.crt files from Go Daddy, and the original *.csr file. But what about the keys used to generate those files?

    If you have the *.crt files from GoDaddy, I'd just review the forum thread, the wiki article, and then after manually copying those files up to the Zimbra server, run the commandline tools to install the certs.

    In my experience, the only annoyingly tricky bit is concatenating in an editor the intermediate cert with the other cert; you can't do this on a Windows machine because the end-of-line CR/LF is different (carriage return/line feed).

    If you follow the wiki slavishly and then open up the new file in an editor to make sure the line breaks are correct, you will have no problems. (And you can guess how I found that one out...)

    Holler if you need help!

    All the best,
    Mark
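
The concatenation step described in the post above, as an added example that is not part of the original thread or of Zimbra's tooling: it joins PEM files into one chain file, strips Windows CR characters, and refuses input that is not a complete certificate block. The function names and the input file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: build a CA chain file with Unix (LF) line endings.

# has_crlf FILE -> exit 0 if FILE contains a carriage return
has_crlf() {
    [ "$(tr -cd '\r' < "$1" | wc -c)" -gt 0 ]
}

# count_marker WORD FILE -> number of "-----WORD CERTIFICATE-----" lines
count_marker() {
    tr -d '\r' < "$2" | grep -c -- "^-----$1 CERTIFICATE-----\$" || true
}

# build_chain OUT IN... -> write the IN files to OUT in the order given,
# LF-only, with every BEGIN/END marker on a line of its own.
build_chain() {
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp"
    for f in "$@"; do
        b=$(count_marker BEGIN "$f"); e=$(count_marker END "$f")
        if [ "$b" -eq 0 ] || [ "$b" -ne "$e" ]; then
            echo "build_chain: $f is not a complete PEM certificate file" >&2
            rm -f "$tmp"; return 1
        fi
        # Drop CRs and blank lines. awk also terminates a final line that
        # had no newline, so the next BEGIN marker cannot be glued onto
        # the previous END marker.
        tr -d '\r' < "$f" | awk 'NF' >> "$tmp"
    done
    mv "$tmp" "$out"
}

# Usage (hypothetical input names; the output name is the one used in the thread):
#   build_chain commercial_ca.crt gd_intermediate.crt gd_root.crt
#   has_crlf commercial_ca.crt && echo "still has CR characters"
```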

  6. #6
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7

    Default Thanks

    The way I was reading things it appeared that I need to get a NEW cert.

    The steps Phoenix pointed to in his link did work using the existing *.crt files.



    I just wish that I did not hit a different problem every release, it's why we sat on 5.0.9 (with the security patch) for so long.

  7. #7
    LMStone is offline Moderator
    Join Date
    Sep 2006
    Location
    477 Congress Street | Portland, ME 04101
    Posts
    1,373
    Rep Power
    10

    Default

    Quote Originally Posted by jrefl5
    The way I was reading things it appeared that I need to get a NEW cert.

    Sorry if you read my suggestions that way! If you paid for a valid commercial cert and it hasn't expired yet of course you should be able to continue to use it; no need to get a new one.

    The Zimbra upgrade/cert gone issue has hit us as well, and while it would be nice if Zimbra could fix this (there are some bug reports out there I have seen), reinstalling the existing certs is pretty quick and easy once you have done it once.

    There are other bugs and RFEs I'd rather see Zimbra developers work on ahead of this, so when we do a Zimbra upgrade we keep the cert files handy "just in case".

    All the best,
    Mark

  8. #8
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7

    Default

    Mark,
    It was a result of what I read in the link provided by Phoenix that caused me to make the wrong assumption. Your second post set me straight and allowed me to follow the provided steps.
    Yes, I'll definitely be keeping all certs in a backup location, and having been burned I should be able to remember the solution.

    Thanks

  9. #9
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7

    Default 6.0.2 -> 6.0.6 Here we go again!!!!

    Again Zimbra upgrade trashed my Go Daddy certs!!!!!

    How do I recover them????
    Code:
    ./zmcertmgr deploycrt comm /opt/zimbra/certs/commercial.crt /opt/zimbra/certs/commercial_ca.crt
    ** Verifying /opt/zimbra/certs/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/certs/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    XXXXX ERROR: Invalid Certificate: /opt/zimbra/certs/commercial.crt: /O=sb.state.az.us/OU=Domain Control Validated/CN=sb.state.az.us
    error 10 at 0 depth lookup:certificate has expired
    OK
    XXXXX ERROR: provided cert isn't valid.

  10. #10
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7

    Default OK ,here is another fix

    Code:
    cd /opt/zimbra/ssl/zimbra/commercial/
    cp commercial.crt /opt/zimbra/certs/
    cp commercial_ca.crt /opt/zimbra/certs/
    ./zmcertmgr deploycrt comm /opt/zimbra/certs/commercial.crt /opt/zimbra/certs/commercial_ca.crt
    ** Verifying /opt/zimbra/certs/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/certs/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /opt/zimbra/certs/commercial.crt: OK
    ** Copying /opt/zimbra/certs/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /opt/zimbra/certs/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    stop and restart zimbra

    Why can't the upgrade see the com certs, and just use them, instead of creating a new self-signed every ___ time!

    I'm not going to mark this solved as it's a reoccurring problem.
    Last edited by jrefl5; 04-21-2010 at 06:54 AM. Reason: comment about Solved/not-solved
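
The two posts above show a certificate copy that matches the private key but has expired, and a second copy of the same name that deploys cleanly. A pre-flight check for that situation, as an added example that is not part of the thread or of zmcertmgr: it picks the first candidate file that both matches the key and stays valid for a given margin. It assumes the openssl command-line tool is installed; the function names are hypothetical, and the paths in the usage comment are the ones shown in the thread.

```shell
#!/bin/sh
# Added example: choose which certificate copy to hand to the deploy step.

# cert_valid_for CERT SECONDS -> exit 0 if CERT is still valid SECONDS from now
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# key_matches CERT KEY -> exit 0 if the public key in CERT belongs to KEY
key_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# pick_cert KEY MIN_SECONDS CERT... -> print the first candidate that matches
# KEY and stays valid for MIN_SECONDS; exit 1 if none qualifies.
# A renewed cert often reuses the old key, so a key match alone does not
# tell the current cert from an expired one.
pick_cert() {
    key=$1; min=$2; shift 2
    for cand in "$@"; do
        [ -r "$cand" ] || continue
        if key_matches "$cand" "$key" && cert_valid_for "$cand" "$min"; then
            printf '%s\n' "$cand"; return 0
        fi
        echo "skip $cand: wrong key or expires within ${min}s" >&2
    done
    return 1
}

# Usage, with the paths from the thread and a 7-day margin:
#   pick_cert /opt/zimbra/ssl/zimbra/commercial/commercial.key 604800 \
#       /opt/zimbra/certs/commercial.crt \
#       /opt/zimbra/ssl/zimbra/commercial/commercial.crt
```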
