[SOLVED] unable to load certificate - when creating new self signed cert

[mbert]

After moving to a new Server (Ubuntu 6.06 32 -> 10.04 64), the logger service is not working correctly. In the Admin GUI Server status shows:

Quote:

Server status data is not available. To see the server status, loggers service must be installed.

Running zmcontrol -status shows everything is working correctly. The mail server has been functioning without any problems, except for the stats and status not working.

I suspected this may have something to do with the self signed cert we had to create during the move(in hindsight I think it might have complained of something in the process). So I decided to recreate the cert, and noticed that I am getting two errors.

On step 3 from Administration Console and CLI Certificate Tools - Zimbra :: Wiki, I get the following:

Code:

root@u10-04-zimbra:/opt/zimbra/bin# ./zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...unable to load certificate
26819:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE
done.

And on step 4:

Code:

root@u10-04-zimbra:/opt/zimbra/bin# ./zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...done.
** Saving global config key zimbraCertAuthorityKeySelfSigned...done.
** Copying CA to /opt/zimbra/conf/ca...done.
unable to load certificate
27225:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

I have moved mailboxd/etc/keystore out of the way and tried this, with the same results.

So far I have been unable to locate an existing solution in the forums.

[karol.k]

Well, I have got the same error. After i did ./install.sh -u and lost all my emails.... I found out, that its not an zimbra issue, but an open-ssh issue.
I have reinstalled ssh and openssh-server and the problem was solved.

I think, the error was caused by the validity of the ssh certificate.

[mbert]

I finally had a chance to try your solution tonight, but no success so far.

Did you just remove and the install openssh-server and ssh, or did you completely purge them. Did you have to re-install zimbra or do the certs again after?

[karol.k]

Quote:

Originally Posted by mbert

I finally had a chance to try your solution tonight, but no success so far.

Did you just remove and the install openssh-server and ssh, or did you completely purge them. Did you have to re-install zimbra or do the certs again after?

I did reinstall Zimbra as well.

[mbert]

Well, after having no luck. I migrated everything over to a new server running 10.04.2 LTS, ZCS 6.0.10. Still wasn't working, so I re-installed openssh-server and then upgraded to ZCS 7.0.0 and voila, certs are working again.

But I am still having a problem that the server status is data is not available, so it must not be related to the ssl certs. I'll post a new thread for that one.