#1, 07-17-2010, 12:38 PM
[SOLVED] [zmcertmgr] error deploying comm startcom sslcert

Hi there,

I'm running Release 6.0.7_GA_2473 on a Debian Testing.
I tried to install a commercial startcom ssl cert as described in the zimbra wiki and here. Everything went fine until I tried to deploy the cert:
Code:
server:~# /opt/zimbra/bin/zmcertmgr deploycrt comm /root/.ssl/commercial.crt /root/.ssl/commercial_ca.pem
** Verifying /root/.ssl/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/root/.ssl/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /root/.ssl/commercial.crt: OK
** Copying /root/.ssl/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /root/.ssl/commercial_ca.pem to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate.../opt/zimbra/bin/zmcertmgr: Zeile 210: /bin/su: Die Argumentliste ist zu lang
failed.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

XXXXX ERROR: failed to create jetty.pkcs12
No certificate matches private key

Apparently, the bash script zmcertmgr tries to pass the ca-bundle (this one) as a string over the command line:

Code:
local content=`cat ${file}`
...
echo -n "** Saving $location config key $key..."
su - zimbra -c "${zimbra_home}/bin/zmprov -m -l -- ${zmprov_opts} ${key} \"$content\" 2> /dev/null"

The bundle's file size is 132903 bytes, probably hitting some limit for command line argument length in my kernel:
Code:
uname -r
2.6.28.7

getconf ARG_MAX
2097152

cat /usr/src/linux/include/linux/binfmts.h | grep MAX_ARG_STRLEN
#define MAX_ARG_STRLEN (PAGE_SIZE * 32)

getconf PAGE_SIZE
4096

Referring to this article
Quote:
And as additional limit, one argument must not be longer than MAX_ARG_STRLEN (131072).
I guess that the maximum length for that particular argument is slightly exceeded, even though the ARG_MAX is big enough.

I'd be happy to get some feedback on that.

Thanks, Hawkeye.

#2, 07-29-2010, 08:50 AM

Hi,

Startcom included about 100k CRLs in the ca-bundle. Removing every single
Code:
-----BEGIN X509 CRL----- 
...
-----END X509 CRL-----
from ca-bundle.pem avoids the problem with the maximum command line argument length.

Additionally, I had to add a <CR> (newline) to the end of my personal certificate to bypass this.

Hawkeye.
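
The workaround from post #2 as a script, added here as an example that is not part of the thread or of Zimbra's zmcertmgr: it removes the X509 CRL blocks from a PEM bundle and checks the result against the per-argument limit of PAGE_SIZE * 32 quoted in post #1. The function names, the 200-byte allowance for the surrounding zmprov command text, and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample bundle are constructed.

# Largest single exec argument on Linux: MAX_ARG_STRLEN = PAGE_SIZE * 32.
max_arg_strlen() {
    echo $(( $(getconf PAGE_SIZE) * 32 ))
}

# Print PEM bundle $1 without its X509 CRL blocks. awk ends every line it
# prints with a newline, so the output always ends in one.
strip_crls() {
    awk '
        /^-----BEGIN X509 CRL-----/ { skip = 1 }
        !skip                       { print }
        /^-----END X509 CRL-----/   { skip = 0 }
    ' "$1"
}

# Succeed if file $1 plus $2 bytes of surrounding command text (default 0)
# fits in one argument, leaving one byte for the terminating NUL.
fits_single_arg() {
    [ $(( $(wc -c < "$1") + ${2:-0} )) -lt "$(max_arg_strlen)" ]
}

# Write a constructed bundle to $1: one placeholder certificate block
# followed by a CRL block slightly larger than the argument limit.
make_sample_bundle() {
    {
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
                      '-----END CERTIFICATE-----' '-----BEGIN X509 CRL-----'
        head -c "$(( $(max_arg_strlen) + 1000 ))" /dev/zero | tr '\0' 'A' | fold -w 64
        printf '\n%s\n' '-----END X509 CRL-----'
    } > "$1"
}

# Demo: the bundle is too long before stripping and fits afterwards.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_bundle "$tmp/ca_bundle.pem"
    fits_single_arg "$tmp/ca_bundle.pem" 200 && echo "original fits" || echo "original too long"
    strip_crls "$tmp/ca_bundle.pem" > "$tmp/ca_bundle.nocrl.pem"
    fits_single_arg "$tmp/ca_bundle.nocrl.pem" 200 && echo "stripped fits" || echo "stripped too long"
    rm -rf "$tmp"
}
demo
```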