Results 1 to 7 of 7

Thread: Zimbra SSL Certificate Issue

  1. #1
    kumabhi is offline Active Member
    Join Date
    Mar 2010
    Posts
    28
    Rep Power
    5

    Default Zimbra SSL Certificate Issue

    Hi,

    I have been using zimbra 6.0.x for a year, today it stopped working. On zmprov it gave PKIX path validation failed, failed to check timestamp. On running zmcontrol start it starts ldap with message being.

    Unable to determine enabled services from ldap. Enabled services read from cache. Service list may be inaccurate.

    I tried re-creating the certificates. through the following:
    1.zmcertmgr createca -new
    worked fine
    2.zmcertmgr createcrt -new -days 365
    one failure message regarding:
    Saving server config key zimbraSSLPrivateKey--failed
    3. zmcertmgr deploycrt self
    Saving server config key zimbraSSLCertificate--failed
    Saving server config key zimbraSSLPrivateKey--failed


    Your help is eagerly awaited.

    Thanks !
    Abhishek

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    A forum search for the error would get you the following results: site:zimbra.com +"Saving server config key zimbraSSLCertificate--failed" - Yahoo! Search Results - take your pick of the solutions.

    I'll move this to the correct forum as it's not a 'User' question.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    kumabhi is offline Active Member
    Join Date
    Mar 2010
    Posts
    28
    Rep Power
    5

    Default

    Thanks for putting this in appropriate forum. I have been fighting on this for whole day on google search but no luck

    Your expertise will go a long way in bringing back our users on email.

    Abhishek

  4. #4
    eldon96 is offline Junior Member
    Join Date
    Dec 2009
    Posts
    7
    Rep Power
    5

    Default

    Quote Originally Posted by kumabhi View Post
    I have been using zimbra 6.0.x for a year, today it stopped working. On zmprov it gave PKIX path validation failed, failed to check timestamp. On running zmcontrol start it starts ldap with message being.

    Unable to determine enabled services from ldap. Enabled services read from cache. Service list may be inaccurate.

    I tried re-creating the certificates. through the following:
    1.zmcertmgr createca -new
    worked fine
    2.zmcertmgr createcrt -new -days 365
    one failure message regarding:
    Saving server config key zimbraSSLPrivateKey--failed
    3. zmcertmgr deploycrt self
    Saving server config key zimbraSSLCertificate--failed
    Saving server config key zimbraSSLPrivateKey--failed
    I'm having the same trouble. Creating new certs just errors. Any thoughts?

    Mike

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    Quote Originally Posted by eldon96 View Post
    I'm having the same trouble. Creating new certs just errors. Any thoughts?
    What about trying some of the solutions in the link I posted above?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    kumabhi is offline Active Member
    Join Date
    Mar 2010
    Posts
    28
    Rep Power
    5

    Default

    I used this Ajcody-Notes-SSLCerts - Zimbra :: Wiki
    Please see if it helps you.

  7. #7
    eldon96 is offline Junior Member
    Join Date
    Dec 2009
    Posts
    7
    Rep Power
    5

    Default

    Well, I looked through the solutions that the yahoo search above came up with - to no avail. I did end up finding something that helped.

    [SOLVED] SOLVED: Zimbra 6.0.1 stop working if SSL certificate is expired

    in combination with

    Recreating a Self-Signed SSL Certificate in ZCS 4.5 & 5.0 - Zimbra :: Wiki

    The step listed by Eaperezh initially failed but the wiki was far too involved for what I was wanting to do. So, comparing the two solutions revealed what to do. Doing the steps listed by Eaperezh in the order of 1, 4, 2, 3, then doing the LDAP step that he listed at the bottom solved my cert issue.

    I do have one thought that I'll worry about next year. Eaperezh says to create the cert with the -days 365 switch but the wiki doesn't mention setting a day count. If I had left the -days 365 off, would it have created a cert that would have never expired?

    Mike

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ZCS7 Beta only Listens on IPv6
    By tobru in forum Installation
    Replies: 2
    Last Post: 03-25-2011, 03:31 AM
  2. [SOLVED] Help, I think I am running Zimbra as root!
    By primaxx in forum Administrators
    Replies: 9
    Last Post: 10-06-2010, 11:04 AM
  3. admin consol blank after 5.0.3 upgarde
    By maumar in forum Administrators
    Replies: 6
    Last Post: 03-21-2008, 05:16 AM
  4. Replies: 8
    Last Post: 02-27-2007, 04:10 AM
  5. Fedora Core 3, Clean Install - Not working!
    By pcjackson in forum Installation
    Replies: 17
    Last Post: 03-05-2006, 07:38 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •