Zimbra

pc-dok · #1 (**permalink**) 07-23-2010, 05:01 PM

hi all
today i want import a certificate from CAcert. i make it on the web, so i generate a csr, go to CAcert and generate a certifcate. i also download the root certifcate and the intermediate certificate. then i import all 3 .crt files (commercial.crt, cacert_root.crt, cacert_intermediate.crt) on the webgui but i only get this error:
Ihr Zertifikat konnte aufgrund eines Fehlers nicht installiert werden. : system failure: XXXXX ERROR: Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_comm.key) pair.

What i make wrong? i have read some artikles with godaddy cert, but it dont want work. can someone give me a tip or help?
greetz
franco

pc-dok · #2 (**permalink**) 07-25-2010, 05:16 AM

hi again
i have now installed a new commercial.crt. the verifying was ok, also the deploy. but when i now start zimbra i get this errors:

Code:

[zimbra@SMTP ~]$ zmcontrol start
Host smtp.network4kmu.at
	Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
	Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
zimbra logger service is not enabled!  failed.


	Starting mailbox...Done.
	Starting antispam...Done.
	Starting antivirus...Done.
	Starting snmp...Done.
	Starting spell...Done.
	Starting mta...Done.
	Starting stats...Done.

so i have no webgui, what can i do. what is happen now? what is not correct?
greetz
franco

j2b · #3 (**permalink**) 07-25-2010, 10:14 AM

Did you run this:
# /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /root/certs/commercial.crt

This is according to this thread:
http://www.zimbra.com/forums/adminis...rtificate.html

pc-dok · #4 (**permalink**) 07-25-2010, 02:34 PM

hi j2b
thx for the tip, no i don't make this before. i would test it and give you answer. merci

greetz

franco

pc-dok · #5 (**permalink**) 07-25-2010, 04:32 PM

hi j2b,
so i test your tip now, and what should i say? it WORKS perfectly now, cool thing. many great thx from me

. and when someone can tell me how i can change the server that he only gets over https the webmail, then i am the happiest man in world

greetz

franco

j2b · #6 (**permalink**) 07-26-2010, 12:06 AM

Welcome! Just was dealing with this item for last two days, looking for info. Regarding your other question - is this correct, what you would like to achieve - allow connections to zimbra web client only on SSL (https)? If so, what is your setup? One server / Multiserver. Do you use Zimbra proxy or other solutions or no proxy at all?

j2b · #7 (**permalink**) 07-26-2010, 01:11 AM

Sorry, looking through your first post, it seems, that you have single server installation, but with no proxy server. To make my former question more specific, do you use any kind of proxy before ZCS server to access it via web client? Or you ar connecting to ZCS server directly?

pc-dok · #8 (**permalink**) 07-26-2010, 02:35 AM

hi j2b
i use a single server with direct connection, over firewall (monowall). i want webmail only on https available. can i do that with zimbra? no i do not use a proxy server because it is a one man show

greetz

franco

pc-dok · #9 (**permalink**) 07-26-2010, 11:10 AM

ok i found the command, zmtlsctl redirect is what i want, many thx for great helping!

greetz

franco

Zimbra

Downloads

Product Information

Toolbox

Why Join?