Thread: Ldap won't start after installing Preexisting Certificate

  1. #1
    brazier (New Member)

    Hi

    After doing a clean install of Zimbra and following the howto about installing a preexisting certificate (link), ldap won't start. I'll try to give as much information as possible to hopefully solve my problem.

    I know that some of this information may be irrelevant, but I didn't know what to leave out.

    The installation is on a VM(Xen) with 512Mb ram, installed on mail.example.com. With bind9 locally.

    Zone file example.com
    Code:
    $TTL    604800
    @       IN      SOA     ns.example.com. admin.example.com. (
                                  1         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @      IN NS      	ns
    ns      IN A      	127.0.0.1
    
    @	IN A		127.0.0.1
    
    @     	IN MX	        10 mail
    mail   IN MX         10 mail
    mail	IN A		 127.0.0.1

    Due to the limitation of hardware I chose to turn off services I didn't need, such as AV, spam, logger, stats and snmp, following this guide.

    After checking that my installation actually worked, I continued to install my certificate, following the guide blindly. Certificates are supplied by StartCom and are valid for mail.example.com and example.com. Only changing the certificates in the chain from the ones from StartCom

    Code:
    cat ca.pem >> ca_bundle.crt
    cat sub.class1.server.ca.pem >> ca_bundle.crt

    I followed the guide and no errors occurred during installation, until restarting Zimbra.

    When restarting Zimbra, the output is as follows:
    Code:
    Host mail.example.com
            Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
            Starting mailbox...Done.
            Starting mta...Done.

    And /var/log/zimbra.log (rest of the log is attached)
    Code:
    Jan 30 13:31:13 mail zimbramon[2595]: 2595:info: zmmtaconfig: Skipping All Memcached Servers update.
    Jan 30 13:31:13 mail zimbramon[2595]: 2595:info: zmmtaconfig: Skipping getAllMemcachedServers ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

    After searching Google for a generic non-Zimbra-specific solution, it seems that my certificate isn't valid for my domain? (source) This didn't help me either.

    So hopefully someone sees where I went wrong and knows how I can fix this. I have been reading around the forum a bit, and even though threads are marked as solved, none helped me.

    And more information can be delivered if needed.
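The chain check implied by the bundle step in the first post, as an added example that is not part of the thread or of Zimbra's tooling: it builds a constructed throwaway root, intermediate and server certificate, then verifies the server certificate against the complete bundle and against each CA file alone. The names server.crt, make_chain and chain_ok are assumptions of this example; ca.pem, sub.class1.server.ca.pem and ca_bundle.crt mirror the post.

```shell
#!/bin/sh
# Added example: every key and certificate here is a constructed throwaway.
# ca.pem, sub.class1.server.ca.pem and ca_bundle.crt mirror the post's names;
# server.crt, make_chain and chain_ok are assumptions of this example.

make_chain() {  # $1 = empty working directory
    d=$1
    # Minimal config so the run does not depend on a system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=placeholder\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/o.cnf"
    # Root CA (plays the role of ca.pem).
    openssl req -x509 -config "$d/o.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -keyout "$d/ca.key" -out "$d/ca.pem" -days 2 \
        -subj "/CN=Constructed Root CA" 2>/dev/null
    # Intermediate CA signed by the root (plays sub.class1.server.ca.pem).
    openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/sub.key" -out "$d/sub.csr" \
        -subj "/CN=Constructed Class 1 Server CA" 2>/dev/null
    openssl x509 -req -in "$d/sub.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 2 -extfile "$d/o.cnf" -extensions v3_ca -days 2 \
        -out "$d/sub.class1.server.ca.pem" 2>/dev/null
    # Server certificate for mail.example.com, signed by the intermediate.
    openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
        -keyout "$d/server.key" -out "$d/server.csr" \
        -subj "/CN=mail.example.com" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/sub.class1.server.ca.pem" \
        -CAkey "$d/sub.key" -set_serial 3 -days 2 -out "$d/server.crt" 2>/dev/null
    # The bundle in the post's order: root first, then intermediate.
    cat "$d/ca.pem" "$d/sub.class1.server.ca.pem" > "$d/ca_bundle.crt"
}

# Succeeds only if $2 chains up to a self-signed root using the CA certs in $1.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

work=$(mktemp -d)
make_chain "$work"
for ca in ca_bundle.crt ca.pem sub.class1.server.ca.pem; do
    if chain_ok "$work/$ca" "$work/server.crt"; then r=OK; else r=FAIL; fi
    echo "server.crt against $ca: $r"
done
```

`openssl verify` checks only the PEM files on disk; the `PKIX path building failed` line in zimbra.log is raised by Java's own certificate path validation against its truststore, which this example does not inspect.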

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    Quote, originally posted by brazier:
    So hopefully someone sees where I went wrong and knows how I can fix this. I have been reading around the forum a bit, and even though threads are marked as solved, none helped me.

    It would help if you had actually said which 'solutions' you'd tried so we don't go over the same ground.

    The first, and obvious, problem is the fact that your DNS records are incorrect and the second thing is that you have too little RAM on the server (it's way below the recommended specification). Go to the Split DNS article and read how to set-up your DNS A & MX records (and a correct and valid hosts file) for your Zimbra DNS resolution. You can also use the commands in the 'Verify...' section of that article to check your DNS & hosts file configuration is correct. I'd suggest you also read the Quick Start Installation Requirements for the system requirements for installing Zimbra.
    Regards
    Bill

  3. #3
    brazier (New Member)

    I have not tried so many solutions. Some say that adding the certificate in the GUI afterwards solves the problem, but since I can't access this now, that doesn't work for me. Also I tried to manually accept the certificate.
    Code:
    java InstallCert mail.example.com

    Since this seems to work for others with the same errors I have in the zimbra.log but don't run Zimbra. This just tells me that InstallCert doesn't exist.


    Quote, originally posted by phoenix:
    It would help if you had actually said which 'solutions' you'd tried so we don't go over the same ground.

    The first, and obvious, problem is the fact that your DNS records are incorrect and the second thing is that you have too little RAM on the server (it's way below the recommended specification). Go to the Split DNS article and read how to set-up your DNS A & MX records (and a correct and valid hosts file) for your Zimbra DNS resolution. You can also use the commands in the 'Verify...' section of that article to check your DNS & hosts file configuration is correct. I'd suggest you also read the Quick Start Installation Requirements for the system requirements for installing Zimbra.

    I see now that I might have left out some information.
    I know my specs are too low, but the installation has been running fine for approximately 2 weeks, and with 160Mb free ram I don't see this as a problem.

    The problems started after the guide to install a certificate. Also I fail to see where my zone file is wrong. Is it because I have additional records, or the fact that I have the records set to my loopback? This is because I have no internal address, only external, and setting the records to this would mean that the internal DNS would be unnecessary, and that I would have to open up my firewall to allow the ports which are only for internal use, and I see that as a huge security risk.
    Last edited by brazier; 01-30-2011 at 06:59 AM.
