Results 1 to 4 of 4

Thread: [SOLVED] Self Signed Certificate Renewal

  1. #1
    royqoro is offline New Member
    Join Date
    Jun 2009
    Posts
    4
    Rep Power
    5

    Default [SOLVED] Self Signed Certificate Renewal

    Hi,

    The selfsigned certificate will expire today (05 Jan 2010) @ about 0700H GMT. Having known the expiry date, I renew the selfsigned certificate yesterday. Renewal using the admin GUI is successful as reflected on the new validation date. I thought everything is going fine.

    However, just recently at about same time as the previous expiry (o5 Jan 2010) the mail server stops sending and receiving mails. I look at the logs and I noticed continous messages like " mail kernel: IPT TCPDUMP: IN=eth0 OUT= MAC=00:1b:b9:86:bf:2f:00:1e:58:31:bc:70:08:00 SRC=201.13.69.111 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=24963 DF PROTO=TCP SPT=13411 DPT=17088 WINDOW=65535 RES=0x00 SYN URGP=0

    i suspect that this is because of the certificate.

    Could somebody form zimbra help me restore on this.

    Installed server:
    Zimbra Open Source Release 5.0.0_GA_1869.RHEL5_64_20071218190015
    OS is Fecora Rel 9
    I have about 20 mail users

    Appreciate some support.

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    Have you restarted ZCS since you re-created the SSC ?

  3. #3
    royqoro is offline New Member
    Join Date
    Jun 2009
    Posts
    4
    Rep Power
    5

    Default

    yes. I use zmcontrol stop/start.

    Using the admin console and view certificate, it shows that the validation date has been updated. However, I am not able to send and receive email..I always get this "mail kernel IPT TCPDump logs..."

    I tried to use zmprov ca test123@domain password ---to check if i have an expered certificate and this is the error:

    [] ERROR: java.security.cert.CertificateExpiredException: NotAfter: Sun Dec 27 23:33:05 PHT 2009
    ERROR: zclient.IO_ERROR (invoke java.security.cert.CertificateException: Untrusted Server Certificate Chain, server: localhost) (cause: javax.net.ssl.SSLHandshakeException java.security.cert.CertificateException: Untrusted Server Certificate Chain)

    If i use zmcertmgr veiwdeployedcrt all and i got this result:

    [root@mail server]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt all
    ::service mta::
    notBefore=Jan 6 07:02:38 2010 GMT
    notAfter=Jan 6 07:02:38 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
    SubjectAltName=
    ::service proxy::
    notBefore=Jan 6 07:02:38 2010 GMT
    notAfter=Jan 6 07:02:38 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
    SubjectAltName=
    ::service mailboxd::
    notBefore=Jan 6 07:02:38 2010 GMT
    notAfter=Jan 6 07:02:38 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
    SubjectAltName=
    ::service ldap::
    notBefore=Jan 6 07:02:38 2010 GMT
    notAfter=Jan 6 07:02:38 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
    SubjectAltName=


    Need some help please...
    Last edited by royqoro; 01-06-2010 at 01:40 AM.

  4. #4
    royqoro is offline New Member
    Join Date
    Jun 2009
    Posts
    4
    Rep Power
    5

    Default

    Thanks for all the posts. I've got the problem solved.

    I just follow the guide on this link.
    Problem with Certificate can cause MTA Failure - Zimbra :: Wiki

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 2
    Last Post: 11-03-2009, 03:12 AM
  2. Commercially signed certificate
    By rpc in forum Installation
    Replies: 1
    Last Post: 10-06-2008, 09:24 AM
  3. Installing Commercially signed Certificate.
    By ayush1440 in forum Administrators
    Replies: 2
    Last Post: 09-15-2008, 09:44 PM
  4. Replies: 1
    Last Post: 11-05-2007, 06:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •