#1
01-30-2011, 04:53 AM
New Member
Ldap won't start after installing Preexisting Certificate

Hi

After doing a clean install of Zimbra and following the howto about installing a preexisting certificate (link), ldap won't start. I'll try to give as much information as possible to hopefully solve my problem.

I know that some of this information may be irrelevant, but I didn't know what to leave out.

The installation is on a VM (Xen) with 512Mb RAM, installed on mail.example.com, with bind9 locally.

Zone file example.com
Code:
$TTL    604800
@       IN      SOA     ns.example.com. admin.example.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@      IN NS      	ns
ns      IN A      	127.0.0.1

@	IN A		127.0.0.1

@     	IN MX	        10 mail
mail   IN MX         10 mail
mail	IN A		 127.0.0.1

Due to the limitation of hardware, I chose to turn off services I didn't need, such as AV, spam, logger, stats and snmp, following this guide.

After checking that my installation actually worked, I continued to install my certificate, following the guide blindly. Certificates are supplied by StartCom and are valid for mail.example.com and example.com. Only changing the certificates in the chain from the ones from StartCom

Code:
cat ca.pem >> ca_bundle.crt
cat sub.class1.server.ca.pem >> ca_bundle.crt

I followed the guide and no errors occurred during installation, until restarting Zimbra.

When restarting Zimbra, the output is as follows:
Code:
Host mail.example.com
        Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
        Starting mailbox...Done.
        Starting mta...Done.

And /var/log/zimbra.log (rest of the log is attached):
Code:
Jan 30 13:31:13 mail zimbramon[2595]: 2595:info: zmmtaconfig: Skipping All Memcached Servers update.
Jan 30 13:31:13 mail zimbramon[2595]: 2595:info: zmmtaconfig: Skipping getAllMemcachedServers ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

After searching Google for a generic, non-Zimbra-specific solution, it seems that my certificate isn't valid for my domain? (source) This didn't help me either.

So hopefully someone sees where I went wrong and knows how I can fix this. I have been reading around the forum a bit, and even though threads are marked as solved, none helped me.

And more information can be delivered if needed.
Attached Files
File Type: log zimbra.log (27.2 KB, 0 views)

#2
01-30-2011, 05:03 AM
Zimbra Consultant & Moderator

Quote:
Originally Posted by brazier
So hopefully someone sees where I went wrong and knows how I can fix this. I have been reading around the forum a bit, and even though threads are marked as solved, none helped me.

It would help if you had actually said which 'solutions' you'd tried so we don't go over the same ground.

The first, and obvious, problem is the fact that your DNS records are incorrect and the second thing is that you have too little RAM on the server (it's way below the recommended specification). Go to the Split DNS article and read how to set up your DNS A & MX records (and a correct and valid hosts file) for your Zimbra DNS resolution. You can also use the commands in the 'Verify...' section of that article to check your DNS & hosts file configuration is correct. I'd suggest you also read the Quick Start Installation Requirements for the system requirements for installing Zimbra.
__________________
Regards


Bill

#3
01-30-2011, 05:53 AM
New Member

I have not tried so many solutions; some say that adding the certificate in the GUI afterwards solves the problem, but since I can't access this now, that doesn't work for me. Also, I tried to manually accept the certificate.
Code:
java InstallCert mail.example.com

Since this seems to work for others with the same errors I have in the zimbra.log but who don't run Zimbra. This just tells me that InstallCert doesn't exist.


Quote:
Originally Posted by phoenix
It would help if you had actually said which 'solutions' you'd tried so we don't go over the same ground.

The first, and obvious, problem is the fact that your DNS records are incorrect and the second thing is that you have too little RAM on the server (it's way below the recommended specification). Go to the Split DNS article and read how to set up your DNS A & MX records (and a correct and valid hosts file) for your Zimbra DNS resolution. You can also use the commands in the 'Verify...' section of that article to check your DNS & hosts file configuration is correct. I'd suggest you also read the Quick Start Installation Requirements for the system requirements for installing Zimbra.

I see now that I might have left out some information.
I know my specs are too low, but the installation has been running fine for approximately 2 weeks, and with 160Mb free RAM I don't see this as a problem.

The problems started after the guide to install a certificate. Also, I fail to see where my zone file is wrong; is it because I have additional records or the fact that I have the records set to my loopback? This is because I have no internal address, only external, and setting the records to this would mean that the internal DNS would be unnecessary, and that I would have to open up my firewall to allow the ports which are only for internal use, and I see that as a huge security risk.

Last edited by brazier; 01-30-2011 at 05:59 AM..
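
The chain check behind the `PKIX path building failed` message quoted in the first post, as an added example that is not part of the thread or of Zimbra's own tooling: it builds a constructed throwaway root, intermediate and server certificate and shows that the server certificate verifies only against a bundle holding both CA certificates. It uses `openssl verify` rather than the Java truststore named in the log; the functions `new_csr`, `build_pki` and `check_chain`, and every file name other than `ca.pem` and `ca_bundle.crt`, are assumptions.

```sh
#!/bin/sh
# Added example: every key and certificate here is a constructed throwaway that
# stands in for the CA's ca.pem, its intermediate, and the server certificate.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

cat > "$work/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# new_csr NAME CN: write NAME.key and NAME.csr into $work
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$work/pki.cnf" \
        -subj "/CN=$2" -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
}

build_pki() {
    # Self-signed root (the role ca.pem plays in the post)
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$work/pki.cnf" \
        -extensions v3_ca -subj "/CN=Constructed Root CA" \
        -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null
    # Intermediate CA signed by the root (the role of the sub.* CA file)
    new_csr sub "Constructed Intermediate CA"
    openssl x509 -req -in "$work/sub.csr" -CA "$work/ca.pem" -CAkey "$work/ca.key" \
        -CAcreateserial -extfile "$work/pki.cnf" -extensions v3_ca -days 2 \
        -out "$work/sub.pem" 2>/dev/null
    # Server certificate signed by the intermediate, not by the root
    new_csr server "mail.example.com"
    openssl x509 -req -in "$work/server.csr" -CA "$work/sub.pem" -CAkey "$work/sub.key" \
        -CAcreateserial -days 2 -out "$work/server.crt" 2>/dev/null
}

# check_chain BUNDLE CERT: succeeds only if CERT chains to a self-signed root via BUNDLE
check_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

build_pki
cat "$work/ca.pem" "$work/sub.pem" > "$work/ca_bundle.crt"   # root + intermediate
check_chain "$work/ca_bundle.crt" "$work/server.crt" && echo "full bundle: chain OK"
check_chain "$work/ca.pem" "$work/server.crt" || echo "root only: no path to server cert"
check_chain "$work/sub.pem" "$work/server.crt" || echo "intermediate only: no trusted root"
```

The same `check_chain` call can be pointed at a real `ca_bundle.crt` and server certificate before restarting services, to confirm the bundle is complete.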