Issue creating Self-Signed Certificate

[jtran]

Requesting help regarding logger not starting up (timestamp check failed)

zmcontrol -v
Release 6.0.5_GA_2213.RHEL5_20100202220948 CentOS5 FOSS edition.

zmcontrol status
antispam Running
antivirus Running
ldap Running
logger Stopped
zmlogswatchctl is not running
mailbox Stopped
zmmailboxdctl is not running.
mta Running
snmp Running
spell Running
stats Stopped

zmcontrol start
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed)
zimbra logger service is not enabled! failed.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.

Verified DNS and everything is working fine.

Tried recreating self-signed certificate, but errors with the following:

./zmcertmgr createca -new
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.

./zmcertmgr createcrt -new -days 365
Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100910112948
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100910112948
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Saving server config key zimbraSSLPrivateKey...failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

./zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.

Any help is appreciated, Thank You in advance

[Filly]

exactly the same her ... my zimbra is not working at all now, please help

i'm on debian 64 bit, 6.0.4 currenty installed. update to 6.0.8 did not work either

[phoenix]

Quote:

Originally Posted by Filly

exactly the same her ... my zimbra is not working at all now, please help

i'm on debian 64 bit, 6.0.4 currenty installed. update to 6.0.8 did not work either

Instead of posting a 'me too' which tells us nothing it would be helpful if you actually gave some details of what the problem is - with complete steps to reproduce it or the exact steps you've taken to get yourself in this position. Did you also search the forums for information on how to install a certificate? You should also check the log files and see if there's any relevant information in there.

According to the original posters information it says that the logger service isn't enabled, is that the case in your error messages? Check the status of the enabled servcies with the following:

Code:

zmprov gs `zmhostname` | grep zimbraServiceEnabled

Use that command exactly as you see it with backticks not single quotes and do not change the word hostname to anything else.

To save us having to ask you each time you post you should also update your forum profile with the output of the following command (do not post the output in this thread):

Code:

zmcontrol -v

[controloye]

I had the same problem and follwoing worked for me.
I am glad my server is up now.
Thanks for your tips.

./zmcertmgr createcrt -new -days 365

./zmcertmgr deploycrt self

[morgab]

Quote:

Originally Posted by controloye

I had the same problem and follwoing worked for me.
I am glad my server is up now.
Thanks for your tips.

./zmcertmgr createcrt -new -days 365

./zmcertmgr deploycrt self

Hi!

When I try to run this command, I get "./zmcertmgr: Permission denied"
I guess there's a simple solution, but what is it? I am supposedly running as a super user named zimbra.
Thanks

[phoenix]

Quote:

Originally Posted by morgab

When I try to run this command, I get "./zmcertmgr: Permission denied"
I guess there's a simple solution, but what is it? I am supposedly running as a super user named zimbra.

Details for using that command are here: Administration Console and CLI Certificate Tools - Zimbra :: Wiki BTW, there is no "super user" named zimbra, that's a 'normal' linux user.

[morgab]

Quote:

Originally Posted by phoenix

Details for using that command are here: Administration Console and CLI Certificate Tools - Zimbra :: Wiki BTW, there is no "super user" named zimbra, that's a 'normal' linux user.

Yeah, you're right

I just read the article and successfully ran commands to renew the certificate.
Thanks anyway!

Btw. I also ran these commands prior to the zmcertmgr commands, to "clean up" the permissions:

> chown -R zimbra:zimbra /opt/zimbra
> /opt/zimbra/libexec/zmfixperms -verbose