#1, 09-07-2010, 12:29 PM
New Member, Posts: 3
LDAP Limitation = zimbraSSLPrivateKey Failure

Hi All,

I'm manually importing a commercial key where the CSR was generated on a different server. I noticed zmcertmgr was throwing an error during the install:

[root@mail certs]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...failed.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.

Regardless of the failure, everything seems to be working as intended. I went digging through the LDAP to see what might be causing the failure, and I noticed that my zimbraSSLCertificate was correct, but the zimbraSSLPrivateKey was wrong. When I attempted to manually import zimbraSSLPrivateKey, I was given the following error:

[zimbra@mail ~]$ zmprov -l ms mail.domain.net zimbraSSLPrivateKey "`cat /tmp/mail.domain.net.09072010.key`"
ERROR: account.INVALID_ATTR_VALUE (zimbraSSLPrivateKey value length(3246) larger then max allowed: 2048)

Since my private key is 4096 bits, it simply will not fit. I think the field size limitation is what was causing the error with zmcertmgr.

How can I increase the size of zimbraSSLPrivateKey to fit my 4096-bit key? Everything seems to be working just fine, so does zimbraSSLPrivateKey even really matter?
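
Added example, not part of the original post and not Zimbra code: it estimates the largest PEM text an RSA private key of a given modulus size produces and compares it with the 2048-character maximum quoted in the zmprov error above. Assumptions: the key is in the traditional "RSA PRIVATE KEY" (PKCS#1) PEM format with 64-character base64 lines, the public exponent is 65537, and the limit counts every character including newlines.

```python
import math

ATTR_MAX = 2048  # maximum quoted in the zmprov error on this page


def der_len(content_len):
    """Size of one DER element: tag byte + length octets + content."""
    if content_len < 128:
        return 2 + content_len
    length_octets = (content_len.bit_length() + 7) // 8
    return 2 + length_octets + content_len


def der_int_len(bits):
    """Largest DER INTEGER for a positive value of `bits` bits.

    A set top bit forces a leading 0x00 byte so the value stays positive.
    """
    return der_len(bits // 8 + 1)


def rsa_pkcs1_der_max(modulus_bits):
    """Upper bound on the DER size of a PKCS#1 RSAPrivateKey structure."""
    half = modulus_bits // 2
    body = (
        der_len(1)                    # version = 0
        + der_int_len(modulus_bits)   # modulus n
        + der_len(3)                  # public exponent 65537 (assumed)
        + der_int_len(modulus_bits)   # private exponent d
        + 5 * der_int_len(half)       # p, q, dP, dQ, qInv
    )
    return der_len(body)              # outer SEQUENCE


def pem_len_as_argument(modulus_bits):
    """Length of the PEM text as a shell passes it via `cat file` in backticks."""
    b64 = 4 * math.ceil(rsa_pkcs1_der_max(modulus_bits) / 3)
    newlines = math.ceil(b64 / 64)    # one newline per base64 line
    header = len("-----BEGIN RSA PRIVATE KEY-----\n")
    footer = len("-----END RSA PRIVATE KEY-----\n")
    # Command substitution strips the trailing newline, hence the -1.
    return header + b64 + newlines + footer - 1


def fits(modulus_bits, limit=ATTR_MAX):
    return pem_len_as_argument(modulus_bits) <= limit


if __name__ == "__main__":
    for bits in (1024, 2048, 3072, 4096):
        print(bits, pem_len_as_argument(bits), "fits" if fits(bits) else "too long")
```

Under these assumptions the upper bound for a 4096-bit key is 3246 characters, the same figure as in the error above, while a 2048-bit key stays under the limit.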