Results 1 to 5 of 5

Thread: SSL Certificate Error ?

  1. #1
    i2ambler is offline Special Member
    Join Date
    Jan 2010
    Posts
    161
    Rep Power
    5

    Default SSL Certificate Error ?

    I am receiving this error:

    ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed)

    On one of our servers. We have a multi-server install. The server that is getting this error is a 'utility' server that just has the zimbra tools installed so that we can provision from here instead of directly on the zimbra cluster. all was working fine up until a today. Ive read that it is an issue with the cert expiring, but the other servers are fine - so I dont want to muck with things and break the mailstores.

    Any advice would be helpful!

  2. #2
    i2ambler is offline Special Member
    Join Date
    Jan 2010
    Posts
    161
    Rep Power
    5

    Default

    Nevermind.

  3. #3
    i2ambler is offline Special Member
    Join Date
    Jan 2010
    Posts
    161
    Rep Power
    5

    Default

    My certs were expired.. I used another thread here that said to do this:

    /zmcertmgr createcrt -new -days 1000
    ./zmcertmgr deploycrt self
    ./zmcertmgr deployca


    then run this:

    /opt/zimbra/java/bin/keytool -import -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/conf/ca/ca.pem

    to correct the problem. at first it seemed that the problem was fixed - however now when I try to create accounts/archive accounts this happens:

    zmprov ca fred.flinstone@rotech.com p@ssw0rd
    1e7cd420-1a7f-450e-918d-2fc74ff69100
    [zimbra@zmstore-2 ~]$ /opt/zimbra/bin/zmarchiveconfig -s zmarchive.pharmacy.com enable fred.flinstone@rotech.com archive-cos archive
    error: permission denied: can not access account 1e7cd420-1a7f-450e-918d-2fc74ff69100

  4. #4
    i2ambler is offline Special Member
    Join Date
    Jan 2010
    Posts
    161
    Rep Power
    5

    Default

    Update.. it is definitely a server to server communication issue - now that I have updated the certs on all of the servers I get this:


    I created a user fred.flinstone@rotech.com - he was created at zmstore-1 mailstore.. I can view him by typing

    zmprov ga fred.flinstone@rotech.com from zmstore-1

    However, on zmstore-2 i get this:


    zimbra@zmstore-2 ~]$ zmprov ga fred.flinstone@rotech.com
    ERROR: service.PERM_DENIED (permission denied: can not access account aa965d2e-f5be-47a5-80f3-d91e944bf941)

    any ideas?

  5. #5
    i2ambler is offline Special Member
    Join Date
    Jan 2010
    Posts
    161
    Rep Power
    5

    Default

    Nobody has any ideas? I guess if paid support cant figure it out - I cant expect the forums to help..

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 5
    Last Post: 05-11-2012, 02:16 PM
  2. [SOLVED] I broke my server trying to optimize... HELP!
    By myriad in forum Administrators
    Replies: 9
    Last Post: 09-17-2011, 06:46 AM
  3. Replies: 6
    Last Post: 03-14-2011, 04:21 AM
  4. [SOLVED] New zcs 7 install : database errors founds
    By dkbk in forum Administrators
    Replies: 4
    Last Post: 03-01-2011, 06:49 AM
  5. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 12:42 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •