Results 1 to 8 of 8

Thread: [SOLVED] StartSSL Certificate deployment problem

  1. #1
    frankchavez is offline Trained Alumni
    Join Date
    Aug 2010
    Location
    Austin, TX
    Posts
    27
    Rep Power
    4

    Exclamation [SOLVED] StartSSL Certificate deployment problem

    I'm in the middle of trying to deploy a StartSSL free certificate.
    I'm following the instructions from StartSSL (Startcom) SSL Certificates with Zimbra 6.x | Linux tips collection

    Everything went fine until I got to the deploycrt (step 8)
    Code:
    [root@mail ~]# /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/certs/commercial.crt /opt/zimbra/certs/commercial_ca.crt
    ** Verifying /opt/zimbra/certs/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/certs/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /opt/zimbra/certs/commercial.crt: OK
    ** Copying /opt/zimbra/certs/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain /opt/zimbra/certs/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
    ** NOTE: mailboxd must be restarted in order to use the imported certificate.
    ** Saving server config key zimbraSSLCertificate.../opt/zimbra/bin/zmcertmgr: line 211: /bin/su: Argument list too long
    failed.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    [root@mail ~]#
    This is the line that has me worried:
    Code:
    ** Saving server config key zimbraSSLCertificate.../opt/zimbra/bin/zmcertmgr: line 211: /bin/su: Argument list too long
    failed.
    Is everything fine or is there something I have to do to fix this?
    I've searched with google and couldn't find any other people who got that error with 'su' on zmcertmgr

    I haven't restarted the services yet.

    Any help appreciated.

  2. #2
    frankchavez is offline Trained Alumni
    Join Date
    Aug 2010
    Location
    Austin, TX
    Posts
    27
    Rep Power
    4

    Default

    I took the same files I was using and put them into the admin console's certificate install and it worked without any errors.
    Not sure what exactly was going on with commands I was typing, but as long as it's working I'm happy.

  3. #3
    antolungo is offline New Member
    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    5

    Default Problem with certificate ZimbraProxy

    Hi all,
    I have problem with ZCS version open source edition 6.03.
    I have multiple server installation.
    - zimbramail the first server I have following services: antivirus, ldap, logger, mailbox, mta, snmp, spell, stats.
    - zimbraproxy the second server I have proxy, mta, memcache. This is NAT with public IP

    A public server mail do relay vs zimbraproxy and i use public smtp to send email.

    My issues is about Zimbra SSL Certificate. The certificate on the first server was out of date and I have replace it with a new valid certificate. I follow this guide for regenerating certificate:
    Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    This operation seems works fine. When I made the same operation on the second server (the proxy zimbra server) when I try to start the services (zmcontrol start) I have this error:Host zimbraproxy.XXXX.XXX Unable to determine enabled services from ldap.
    Unable to determine enabled services. Cache is out of date or doesn't exist.
    I have tryed to make a new certificate by using GUI of admin console but the problem still stand.
    I have tryed to make a fresh re - install of the proxy server but with no results.
    Now I have only the zimbramail in function because I can't stop email services in my firm and I have NAT to public IP my zimbramail.

    I would like to restore my previous configuration but zimbryproxy still don't work.

    I need information about Installing Certificates on my zimbraproxy

    Any ideas? Thanks in advance.

    Antolungo

  4. #4
    antolungo is offline New Member
    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    5

    Default

    I have a multiply server installation! The problem in on zimbraproxy! My zimbramail works fine.
    I solve my problem with installation of StartSSL certificate?
    Why my post is in SOLVED!!!!
    Please help me with areally solution to my problem

    Best regards
    Antolungo

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,491
    Rep Power
    56

    Default

    Quote Originally Posted by antolungo View Post
    Why my post is in SOLVED!!!!
    The thread is marked as Solved because the original poster has marked it as solved, he's fixed his problem - see post #2.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    antolungo is offline New Member
    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    5

    Default

    This is not a solution!

  7. #7
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,491
    Rep Power
    56

    Default

    Quote Originally Posted by antolungo View Post
    This is not a solution!
    It is if the original poster thinks it is, it's his thread and his 'solution'.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    bradn is offline Junior Member
    Join Date
    May 2006
    Location
    Chicago
    Posts
    7
    Rep Power
    9

    Default

    I had this exact same problem as the thread owner frankchavez including error message, symptoms etc on ZCS 7.1.1 with a StartCom class 1 cert. As was pointed out elsewhere the root of the problem was adding the CA bundle to the java key store. In my case none of the instructions worked, including frankchavez's above. The only thing that did was manually adding the root and intermediate certs to the java key store using instructions I found outside of the forum.

    Some quick advice for other StartCom cert owners:

    1) none of the instructions in the forum worked for me, including Bill's adding the cert through ZCS admin portal. Even though
    zmcertmgr verifycrt
    worked, the certificate is NOT installed properly.

    2) These 2 external links provided the right results for my StartCom cert:

    StartSSL with ZCS 6.0 step by step

    HOWTO: Java keytool with the StartCom Certificate process

    3) DO NOT restart ZCS until you are certain everything associated with your SSL cert has been installed properly. You *will not* be able to restart it until everything is fixed - you will see the dreaded zmcontrol ldap startup errors mentioning that services could not be determined:

    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    root cause is exactly as described by cpiess here but the solution is StartCom specific per (2) above

    Hope this saves other StartCom / StartSSL users some grief.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Problem with commercial certificate
    By ppaixao in forum Administrators
    Replies: 3
    Last Post: 06-05-2012, 01:49 PM
  2. Certificate problem during migration
    By neontangerine in forum Administrators
    Replies: 1
    Last Post: 11-01-2010, 01:42 PM
  3. SSL certificate problem(?) Tomcat not working
    By akai in forum Installation
    Replies: 1
    Last Post: 07-02-2007, 02:43 PM
  4. Certificate problem with SMTP using TLS
    By yuit in forum Installation
    Replies: 4
    Last Post: 11-02-2006, 06:03 PM
  5. Certificate problem following 3.1.0 -> 4.0 upgrade
    By simonellistonball in forum Migration
    Replies: 5
    Last Post: 09-26-2006, 01:56 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •