Zimbra SSL Certificate Issue

[kumabhi]

Hi,

I have been using zimbra 6.0.x for a year, today it stopped working. On zmprov it gave PKIX path validation failed, failed to check timestamp. On running zmcontrol start it starts ldap with message being.

Unable to determine enabled services from ldap. Enabled services read from cache. Service list may be inaccurate.

I tried re-creating the certificates. through the following:
1.zmcertmgr createca -new
worked fine
2.zmcertmgr createcrt -new -days 365
one failure message regarding:
Saving server config key zimbraSSLPrivateKey--failed
3. zmcertmgr deploycrt self
Saving server config key zimbraSSLCertificate--failed
Saving server config key zimbraSSLPrivateKey--failed


Your help is eagerly awaited.

Thanks !
Abhishek

[phoenix]

A forum search for the error would get you the following results: site:zimbra.com +"Saving server config key zimbraSSLCertificate--failed" - Yahoo! Search Results - take your pick of the solutions.

I'll move this to the correct forum as it's not a 'User' question.

[kumabhi]

Thanks for putting this in appropriate forum. I have been fighting on this for whole day on google search but no luck

Your expertise will go a long way in bringing back our users on email.

Abhishek

[eldon96]

Quote:

Originally Posted by kumabhi

I have been using zimbra 6.0.x for a year, today it stopped working. On zmprov it gave PKIX path validation failed, failed to check timestamp. On running zmcontrol start it starts ldap with message being.

Unable to determine enabled services from ldap. Enabled services read from cache. Service list may be inaccurate.

I tried re-creating the certificates. through the following:
1.zmcertmgr createca -new
worked fine
2.zmcertmgr createcrt -new -days 365
one failure message regarding:
Saving server config key zimbraSSLPrivateKey--failed
3. zmcertmgr deploycrt self
Saving server config key zimbraSSLCertificate--failed
Saving server config key zimbraSSLPrivateKey--failed

I'm having the same trouble. Creating new certs just errors. Any thoughts?

Mike

[phoenix]

Quote:

Originally Posted by eldon96

I'm having the same trouble. Creating new certs just errors. Any thoughts?

What about trying some of the solutions in the link I posted above?

[kumabhi]

I used this Ajcody-Notes-SSLCerts - Zimbra :: Wiki
Please see if it helps you.

[eldon96]

Well, I looked through the solutions that the yahoo search above came up with - to no avail. I did end up finding something that helped.

[SOLVED] SOLVED: Zimbra 6.0.1 stop working if SSL certificate is expired

in combination with

Recreating a Self-Signed SSL Certificate in ZCS 4.5 & 5.0 - Zimbra :: Wiki

The step listed by Eaperezh initially failed but the wiki was far too involved for what I was wanting to do. So, comparing the two solutions revealed what to do. Doing the steps listed by Eaperezh in the order of 1, 4, 2, 3, then doing the LDAP step that he listed at the bottom solved my cert issue.

I do have one thought that I'll worry about next year. Eaperezh says to create the cert with the -days 365 switch but the wiki doesn't mention setting a day count. If I had left the -days 365 off, would it have created a cert that would have never expired?

Mike