Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: fix 1 year LDAP expiration error

  1. #1
    runningtom8 is offline Junior Member
    Join Date
    Oct 2011
    Posts
    7
    Rep Power
    3

    Default fix 1 year LDAP expiration error

    Greetings,

    Does anyone know how to fix this one year anniversary LDAP error?
    My server has stop working today due to LDAP fail from start up.

    The server was installed Oct, 21 2010 last year. Today is Oct, 21 2011
    so it stop working.

    At the anniversary of the Zimbra installation. The server will stop working due
    to LDAP error.


    This has been happening to me for the last three years. Every year
    I install a new version of Zimbra and lost all of my emails in order to go around this problem.


    Doesn't anyone have a solution to this problem?


    Thank you much,

    Tom



    ******* Please see the error below ***********************
    My server running the following version. I don't think it matter too much.
    I got the same problem on version 5.x as well

    Release 6.0.8_GA_2661.RHEL4_20100820031234 RHEL4 FOSS edition.



    [zimbra@mail config]$ zmcontrol start
    Host mail.i-english.net

    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed)
    zimbra logger service is not enabled! failed.


    Starting mailbox...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,505
    Rep Power
    57

    Default

    Just regenerate your self-signed certificates.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    runningtom8 is offline Junior Member
    Join Date
    Oct 2011
    Posts
    7
    Rep Power
    3

    Default

    Bill,

    Thank you. You are going to make my family very happy for not lost all
    of our email. How to regenerate your self-signed certificates. Is there a document some where.


    Thank you,

    Tom

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,505
    Rep Power
    57

    Default

    Go to the wiki (link at the top of this page) and search for the word "certificate".
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    runningtom8 is offline Junior Member
    Join Date
    Oct 2011
    Posts
    7
    Rep Power
    3

    Default zmcertmgr viewcsr self with errors

    I have ran the following command line and got some errors. Any idea?
    Any help will be appreciate it. We need to keep to our soccer email distribution
    list.

    Tom



    [root@mail bin]# ./zmcertmgr viewcsr self
    subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    SubjectAltName=


    I run this command and syntax:
    [root@mail bin]# ./zmcertmgr createcsr self -new '/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net'


    ** Generating a server csr for download self -new /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20111021122658
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.

  6. #6
    runningtom8 is offline Junior Member
    Join Date
    Oct 2011
    Posts
    7
    Rep Power
    3

    Default assistance needed

    Bill,

    I can pay you or someone a fee to get this fix for me. From previous year experience
    I just want to get to my email and email distribution list working again.

    You can access my server via GoToMeeting session.

    **** got erros when I generate a new key************

    I listed the old certificate information:
    ./zmcertmgr viewcsr self
    subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    SubjectAltName=


    I create new certificate:
    [root@mail bin]# ./zmcertmgr createcsr self -new '/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net'

    ** Generating a server csr for download self -new /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20111021122658
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.


    Let me know

    Tom
    Last edited by runningtom8; 10-21-2011 at 01:09 PM.

  7. #7
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,505
    Rep Power
    57

    Default

    Which instructions did your follow, these? If they're not the ones you followed then use the instructions in there to generate the certificates.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  8. #8
    runningtom8 is offline Junior Member
    Join Date
    Oct 2011
    Posts
    7
    Rep Power
    3

    Default

    Bill,

    After I followed the instruction to create new certificate.

    zmmailboxdctl is not running


    Please below for more details.

    I appreciate the time you took to response to the questions.

    Tom




    [root@mail bin]# ./zmcertmgr createca -new
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.

    [root@mail bin]# ./zmcertmgr createcrt -new -day 365
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20111021154849
    ** Generating a server csr for download self -new -keysize 1024
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20111021154849
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

    [root@mail bin]# ./zmcertmgr deployca
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
    ** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
    ** Copying CA to /opt/zimbra/conf/ca...done.

    [root@mail bin]# ./zmcertmgr viewdeployedcrt
    ::service mta::
    notBefore=Oct 21 08:19:25 2010 GMT
    notAfter=Oct 21 08:19:25 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    SubjectAltName=
    ::service proxy::
    notBefore=Oct 21 08:19:25 2010 GMT
    notAfter=Oct 21 08:19:25 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    SubjectAltName=
    ::service mailboxd::
    notBefore=Oct 21 08:19:25 2010 GMT
    notAfter=Oct 21 08:19:25 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    SubjectAltName=
    ::service ldap::
    notBefore=Oct 21 08:19:25 2010 GMT
    notAfter=Oct 21 08:19:25 2011 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.i-english.net
    SubjectAltName=
    [root@mail bin]#






    [zimbra@mail ~]$ zmcontrol status
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Host mail.i-english.net
    antispam Running
    antivirus Running
    ldap Running
    logger Stopped
    zmlogswatchctl is not running
    mailbox Stopped
    zmmailboxdctl is not running.
    mta Running
    snmp Running
    spell Running
    stats Running

  9. #9
    runningtom8 is offline Junior Member
    Join Date
    Oct 2011
    Posts
    7
    Rep Power
    3

    Default fix my zimbra for a fee

    Bill and anyone who want to help out.

    Do you know of anyone who might want to help me out for a fee?

    Please let me know soon (today). I realy need the information
    from some of my mailing list.

    Zimbra start to be a pain to use for the last three year. Every year I ran to the
    same problem and there are very little assitance out there.

    Tom

  10. #10
    ssatam is offline Zimbra Employee
    Join Date
    Jul 2010
    Posts
    9
    Rep Power
    5

    Default

    Try the following steps,

    (1) mv /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra_old
    (2) /opt/zimbra/bin/zmcertmgr createca -new
    (3) /opt/zimbra/bin/zmcertmgr deployca
    (4) /opt/zimbra/bin/zmcertmgr createcrt -new
    (5) /opt/zimbra/bin/zmcertmgr deploycrt self

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. MySQL errors
    By mludwig in forum Administrators
    Replies: 1
    Last Post: 07-11-2011, 03:40 AM
  2. LDAP error code 49 - invalid credentials
    By fieze in forum Installation
    Replies: 8
    Last Post: 05-09-2008, 05:12 AM
  3. Postfix problem
    By jimbo in forum Administrators
    Replies: 46
    Last Post: 07-23-2007, 05:24 AM
  4. 3 testing: LDAP: 389 Failed when restore zimbra
    By victorLeong in forum Administrators
    Replies: 15
    Last Post: 05-24-2007, 06:45 AM
  5. LDAP: error code 80 - internal error
    By jholder in forum Installation
    Replies: 6
    Last Post: 04-14-2006, 06:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •