[SOLVED] Transfer SSL certificates between servers

[Blinkiz]

I was following this guide Transfer SSL certificates between servers - Zimbra :: Wiki on how to transfer certificate between servers.
Am transferring from 5.0.2x to 6.0.4.


After running this command ./zmcertmgr deploycrt comm, I get this:

Code:

root@mail:/opt/zimbra/bin# ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/ssl/zimbra/commercial/commercial_ca.crt 
** Verifying /sslbk/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/sslbk/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /sslbk/ssl/zimbra/commercial/commercial.crt: OK
** Copying /sslbk/ssl/zimbra/commercial/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain //sslbk/ssl/zimbra/commercial/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.

After this, I ran the command zmcontrol start and got this:

Code:

zimbra@mail:~$ zmcontrol start
Host mail.nhagman.info
	Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
	Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
zimbra logger service is not enabled!  failed.


	Starting mailbox...Done.
	Starting antispam...Done.
	Starting antivirus...Done.
	Starting snmp...Done.
	Starting spell...Done.
	Starting mta...Done.
	Starting stats...Done.

I also restarted my machine and run the command zmcontrol status and got this:

Code:

zimbra@mail:~$ zmcontrol status
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Host mail.nhagman.info
	antispam                Running
	antivirus               Running
	ldap                    Running
	logger                  Stopped
		zmlogswatchctl is not running
	mailbox                 Stopped
		zmmailboxdctl is not running.
	mta                     Running
	snmp                    Running
	spell                   Running
	stats                   Running

Please advice.

[Blinkiz]

After running this code, it started to work.

Code:

/opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /sslbk/zimbra/commercial/commercial.crt

I got the solution from another thread. Can someone please explain -storepass changeit, because I did not change it..
Anyway, the wiki guide is probably incorrect for zimbra 6.0.x.

[phoenix]

Quote:

Originally Posted by Blinkiz

Can someone please explain -storepass changeit, because I did not change it...

keytool "-storepass changeit " manpage - Google Search

[phoenix]

Quote:

Originally Posted by Blinkiz

phoenix, try to be polite for ones and try to help out without pressing the asking person down..
Zimbra forum should be a nice collection of help topics about anything related to Zimbra. Giving me a link to google saying "learn tomcat", is not the way.

I don't really understand what you're talking about I never mentioned 'learn tomcat'.

You asked for an explanation of what 'changeit' was, did the second item in the search not answer your question? If providing you with the answer isn't polite enough for you then I'll leave you to find it yourself in future.