#1
05-06-2011, 08:10 AM
Special Member
Posts: 160
SSL Certificate Error ?

I am receiving this error:

ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed)

On one of our servers. We have a multi-server install. The server that is getting this error is a 'utility' server that just has the Zimbra tools installed so that we can provision from here instead of directly on the Zimbra cluster. All was working fine up until today. I've read that it is an issue with the cert expiring, but the other servers are fine - so I don't want to muck with things and break the mailstores.

Any advice would be helpful!
#2
05-06-2011, 11:07 AM
Special Member
Posts: 160

Never mind.
#3
05-06-2011, 12:45 PM
Special Member
Posts: 160

My certs were expired.. I used another thread here that said to do this:

./zmcertmgr createcrt -new -days 1000
./zmcertmgr deploycrt self
./zmcertmgr deployca


then run this:

/opt/zimbra/java/bin/keytool -import -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/conf/ca/ca.pem

to correct the problem. At first it seemed that the problem was fixed - however, now when I try to create accounts/archive accounts this happens:

zmprov ca fred.flinstone@rotech.com p@ssw0rd
1e7cd420-1a7f-450e-918d-2fc74ff69100
[zimbra@zmstore-2 ~]$ /opt/zimbra/bin/zmarchiveconfig -s zmarchive.pharmacy.com enable fred.flinstone@rotech.com archive-cos archive
error: permission denied: can not access account 1e7cd420-1a7f-450e-918d-2fc74ff69100
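An added example, not part of the original posts and not Zimbra's own tooling: `timestamp check failed` is a validity-period failure, so before regenerating anything it helps to list which certificates in each PEM file on each server are actually expired or close to it. The function names `cert_state` and `cert_report` are hypothetical; the code assumes `openssl`, `awk` and PEM-encoded input.

```bash
#!/usr/bin/env bash
# Added example: report notAfter state for each certificate in PEM files.
# Only expiry is checked; a notBefore in the future or a skewed system clock
# can also fail a validity-period check and is not detected here.

# cert_state PEM_FILE WARN_DAYS -> prints valid | expiring | expired | unreadable
cert_state() {
    local pem="$1" warn_secs="$(( $2 * 86400 ))"
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo unreadable; return; }
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$pem" -noout -checkend "$warn_secs" >/dev/null 2>&1; then
        echo expiring
    else
        echo valid
    fi
}

# cert_report WARN_DAYS FILE... -> one tab-separated line per certificate:
# file, index within the file, state, notAfter
cert_report() {
    local warn="$1" f tmp part n
    shift
    tmp="$(mktemp -d)" || return 1
    for f in "$@"; do
        rm -f "$tmp"/cert.*
        # Split bundles so every certificate is checked, not only the first.
        if [ -r "$f" ]; then
            awk -v d="$tmp" '
                /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert.%03d", d, n) }
                out != "" { print > out }
                /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
            ' "$f" || :
        fi
        n=0
        for part in "$tmp"/cert.*; do
            [ -e "$part" ] || continue
            n=$((n + 1))
            printf '%s\t%s\t%s\t%s\n' "$f" "$n" "$(cert_state "$part" "$warn")" \
                "$(openssl x509 -in "$part" -noout -enddate 2>/dev/null)"
        done
        [ "$n" -gt 0 ] || printf '%s\t-\tunreadable\t-\n' "$f"
    done
    rm -rf "$tmp"
}

# Example call (the path is the CA file named in the thread):
# cert_report 30 /opt/zimbra/conf/ca/ca.pem
```

Running the same report on every server in the install shows whether they hold certificates with the same expiry dates; the Java truststore is a keystore rather than a PEM file and is not covered by this check.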
#4
05-06-2011, 01:03 PM
Special Member
Posts: 160

Update.. it is definitely a server to server communication issue - now that I have updated the certs on all of the servers I get this:


I created a user fred.flinstone@rotech.com - he was created at zmstore-1 mailstore.. I can view him by typing

zmprov ga fred.flinstone@rotech.com from zmstore-1

However, on zmstore-2 I get this:


[zimbra@zmstore-2 ~]$ zmprov ga fred.flinstone@rotech.com
ERROR: service.PERM_DENIED (permission denied: can not access account aa965d2e-f5be-47a5-80f3-d91e944bf941)

Any ideas?
#5
05-09-2011, 05:36 AM
Special Member
Posts: 160

Nobody has any ideas? I guess if paid support can't figure it out - I can't expect the forums to help..