[SOLVED] Self Signed Certificate Renewal

[royqoro]

Hi,

The selfsigned certificate will expire today (05 Jan 2010) @ about 0700H GMT. Having known the expiry date, I renew the selfsigned certificate yesterday. Renewal using the admin GUI is successful as reflected on the new validation date. I thought everything is going fine.

However, just recently at about same time as the previous expiry (o5 Jan 2010) the mail server stops sending and receiving mails. I look at the logs and I noticed continous messages like " mail kernel: IPT TCPDUMP: IN=eth0 OUT= MAC=00:1b:b9:86:bf:2f:00:1e:58:31:bc:70:08:00 SRC=201.13.69.111 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=24963 DF PROTO=TCP SPT=13411 DPT=17088 WINDOW=65535 RES=0x00 SYN URGP=0

i suspect that this is because of the certificate.

Could somebody form zimbra help me restore on this.

Installed server:
Zimbra Open Source Release 5.0.0_GA_1869.RHEL5_64_20071218190015
OS is Fecora Rel 9
I have about 20 mail users

Appreciate some support.

[uxbod]

Have you restarted ZCS since you re-created the SSC ?

[royqoro]

yes. I use zmcontrol stop/start.

Using the admin console and view certificate, it shows that the validation date has been updated. However, I am not able to send and receive email..I always get this "mail kernel IPT TCPDump logs..."

I tried to use zmprov ca test123@domain password ---to check if i have an expered certificate and this is the error:

[] ERROR: java.security.cert.CertificateExpiredException: NotAfter: Sun Dec 27 23:33:05 PHT 2009
ERROR: zclient.IO_ERROR (invoke java.security.cert.CertificateException: Untrusted Server Certificate Chain, server: localhost) (cause: javax.net.ssl.SSLHandshakeException java.security.cert.CertificateException: Untrusted Server Certificate Chain)

If i use zmcertmgr veiwdeployedcrt all and i got this result:

[root@mail server]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt all
::service mta::
notBefore=Jan 6 07:02:38 2010 GMT
notAfter=Jan 6 07:02:38 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
SubjectAltName=
::service proxy::
notBefore=Jan 6 07:02:38 2010 GMT
notAfter=Jan 6 07:02:38 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
SubjectAltName=
::service mailboxd::
notBefore=Jan 6 07:02:38 2010 GMT
notAfter=Jan 6 07:02:38 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
SubjectAltName=
::service ldap::
notBefore=Jan 6 07:02:38 2010 GMT
notAfter=Jan 6 07:02:38 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mybe.com.ph
SubjectAltName=


Need some help please...

[royqoro]

Thanks for all the posts. I've got the problem solved.

I just follow the guide on this link.
Problem with Certificate can cause MTA Failure - Zimbra :: Wiki