Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
#1
12-03-2009, 04:38 PM
Junior Member
Posts: 7
Can't install any SSL Certs

Hello everyone.

I purchased a server last year, and the fellow that set it up for me and was maintaining it decided to close up shop last summer and didn't tell anyone. I have Zimbra installed on Mac OS X 10.4. I know that the server is 5.0, I think it is .10. I have a very limited understanding of sudo commands. I am getting the following message from the server cert manager when I try to install the new certs:

Message: system failure: exception during auth {RemoteManager: mail.amcmedical.com->zimbra@mail.amcmedical.com:22} Error code: service.FAILURE Method: GetCSRRequest Details:soap:Receiver

I did find a wiki; it was as close to the problem as I could find: Mail Queue Monitoring - Zimbra :: Wiki

but my understanding of terminal commands is really hampering me. I have tried installing 6.0.3 on a backup copy of the server that I had made, but it doesn't seem to fix anything, and when I restart the server a couple of the services do start back up. I would be happy using self-signed ones if anyone could help. I do appreciate any help anyone can give me.
#2
12-03-2009, 10:09 PM
Zimbra Consultant & Moderator
Posts: 20,312

You need to follow the instructions in the wiki article, all the steps and commands you need are listed there.
__________________
Regards


Bill
#3
12-04-2009, 01:35 PM
Junior Member
Posts: 7

Quote:
Originally Posted by phoenix
You need to follow the instructions in the wiki article, all the steps and commands you need are listed there.

I have already tried the information in that article. But as stated earlier, I have a very limited knowledge of terminal commands. The article doesn't really provide enough information. I have tried running most of the following with no results at all:

Regenerating Keys

To regenerate the ssh keys, on all hosts (as the zimbra user):

    zmsshkeygen

To deploy the keys, on all hosts (as the zimbra user):

    zmupdateauthkeys

Verifying sshd configuration

The authentication method assumes that sshd on the mta is running on port 22, and that RSA Authentication is enabled. You can test the ssh command with:

    ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM

(Swap MAIL.DOMAIN.COM for your hostname, as it appears in the error).

You should NOT be prompted for a password; if you are, recreate the ssh keys and retry the test.

If you're not running sshd on port 22, modify the zimbraRemoteManagementPort attribute on the server:

    zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 2222

Verify in /etc/sshd_config that the zimbra user is an allowed user:

    AllowUsers admin zimbra

Note: applying this change resulted in not being able to ssh as root. Should we add root to the list of AllowUsers?

/etc/hosts.allow

The Zimbra hostname may be different than the system. Add the Zimbra hostname to /etc/hosts.allow.

    ALL: zimbra.domain.tld

Another cause, Zimbra account has been disabled

If the above steps do not work then enable verbose output for ssh with:

    ssh -vi .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM

If the output from ssh indicates "Next authentication method: password" as below, then the Zimbra account may be locked.

    debug1: Next authentication method: publickey
    debug1: Offering public key: /opt/zimbra/.ssh/zimbra_identity
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
    debug1: Next authentication method: password
    zimbra@MAIL.DOMAIN.COM's password:

To verify this, as root check /etc/shadow. Locate the zimbra account. If the account has one or more ! in the line then the account is locked.

    zimbra:!!:13634:0:99999:7:::

Use this command to unlock the zimbra account (or you can edit the shadow file directly and remove them).

    usermod -U zimbra

Then check /etc/shadow again, there should be no ! for the zimbra account. You may need to do this multiple times to remove the ! and unlock the account.

Once the account is unlocked, this command should work (it did for us!).

    ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM
Reply With Quote
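Added example (not part of the original post or of the Zimbra wiki): a shell helper that reads saved `ssh -v` output and an /etc/shadow line and reports the two conditions the quoted wiki steps check for, key authentication falling through to a password prompt and a locked zimbra account. The function names and the success sample are constructed for illustration; the fallback sample and the shadow line are the ones quoted in the post above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not Zimbra tools.
# ssh writes its debug1 lines to stderr, so save them first, e.g.
#   ssh -v ... 2> ssh-debug.log   and then   classify_ssh_auth < ssh-debug.log

# Reads `ssh -v` output on stdin and prints one verdict.
classify_ssh_auth() {
    awk '
        /Offering .*public key/                  { offered = 1 }
        /Authentication succeeded \(publickey\)/ { accepted = 1 }
        /Next authentication method: password/   { fallback = 1 }
        END {
            if (accepted)                 print "key-accepted"
            else if (offered && fallback) print "key-rejected-password-fallback"
            else if (fallback)            print "key-not-offered"
            else                          print "inconclusive"
        }'
}

# $1 = one line of /etc/shadow. The account password is locked when the
# second field starts with "!" (this is what usermod -U removes).
shadow_state() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '!'*) echo locked ;;
        *)    echo not-locked ;;
    esac
}

# Debug output quoted in the post: key offered, then a password prompt.
SAMPLE_FALLBACK='debug1: Next authentication method: publickey
debug1: Offering public key: /opt/zimbra/.ssh/zimbra_identity
debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: password'

# Constructed sample of a working key login.
SAMPLE_OK='debug1: Offering public key: /opt/zimbra/.ssh/zimbra_identity
debug1: Authentication succeeded (publickey).'

printf '%s\n' "$SAMPLE_FALLBACK" | classify_ssh_auth
printf '%s\n' "$SAMPLE_OK" | classify_ssh_auth
shadow_state 'zimbra:!!:13634:0:99999:7:::'
```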
#4
12-04-2009, 01:39 PM
Junior Member
Posts: 7

Quote:
Originally Posted by baradeithel
I have already tried the information in that article. But as stated earlier, I have a very limited knowledge of terminal commands. The article doesn't really provide enough information. I have tried running most of the following with no results at all:

And yes, I did replace the mail.domain.com with the right information.