commercial cert fails

[Vu Pham]

Dear all,

Although I am new to this forum and this is my new post, I read many posts and solutions as well as read the wiki on Installing a Thawte SSL Certificate on ZCS 5.0.x, but my installation of the Thawte SSL123 still fail, and the log shows multiple of " PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target)".

The process of verification and installation of the cert shows no errors, but after stopping and restarting zmcontrol, the whole system is down. Below is the output of what I did.
[root@f2 commercial]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt all3.pem
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
cp: `commercial.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are the same file
** Appending ca chain all3.pem to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
[root@f2 commercial]# su - zimbra
[zimbra@f2 ~]$ zmcontrol stop
Host f2.jetcodelivery.com
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping archiving...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping imapproxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping ldap...Done.
[zimbra@f2 ~]$ zmcontrol start
Host f2.jetcodelivery.com
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderE xception: unable to find valid certification path to requested target)
zimbra logger service is not enabled! failed.


Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
[zimbra@f2 ~]$

My Zimbra version is : Release 6.0.2_GA_1912.RHEL5_64_20091020161509 RHEL5_64 FOSS edition, and my OS is RHEL 5.5 64-bit.

Any advice is greatly appreciated.

Thanks,
Vu

[Vu Pham]

It looks like I missed some posts. I just did the whole process again as the wiki document says. This time, before restarting zmcontrol, I ran this command
/opt/zimbra/java/bin/keytool -import -alias <some-new-alias-here> -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file ./my_new_commercial_cert.crt

Then restarting zmcontrol brought the system up succesfully.

Perhaps the wifi should add that command for Zimbra 6 ?

Thanks,
Vu