Results 1 to 4 of 4

Thread: Failed to start slapd.

  1. #1
    rapharjm is offline New Member
    Join Date
    Apr 2012
    Posts
    4
    Rep Power
    2

    Default Failed to start slapd.

    Today i had some problems with my zimbra..
    It wasnt starting ldap, then i tried this to fix it
    ################################################## ################################################## ############
    # Regenerate SSL Cert
    ################################################## ################################################## ############
    su - zimbra -c 'zmcontrol stop'
    rm -rf /opt/zimbra/ssl/*
    rm -rf /opt/zimbra/ssl/.rnd
    /opt/zimbra/java/bin/keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    /opt/zimbra/java/bin/keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `su - zimbra -c 'zmlocalconfig -s -m nokey mailboxd_keystore_password'`
    vi /opt/zimbra/bin/zmcertmgr

    # Find line
    # SUBJECT="/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}"
    # and change to your company name

    # then find and change you want value days expire cert validation_days=365 to validation_days=3650
    # save /opt/zimbra/bin/zmcertmgr

    /opt/zimbra/bin/zmcertmgr createca -new
    /opt/zimbra/bin/zmcertmgr deployca -localonly
    /opt/zimbra/bin/zmcertmgr createcrt self -new
    /opt/zimbra/bin/zmcertmgr deploycrt self

    su - zimbra -c 'zmcontrol start'

    /opt/zimbra/bin/zmcertmgr deploycrt self
    /opt/zimbra/bin/zmcertmgr deployca

    su - zimbra -c 'zmupdateauthkeys'
    /opt/zimbra/bin/zmcertmgr viewdeployedcrt

    ################################################## ################################################## ############

    but it didnt work, and now I had this message when i try to begin zimbra service:
    Starting ldap...Done.
    Failed.
    Failed to start slapd. Attempting debug start to determine error.
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:696
    TLS: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib ssl_rsa.c:491
    main: TLS init def ctx failed: -1

    What can I do?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by rapharjm View Post
    What can I do?
    First you can start by posting in the correct forum, this belongs in ZCS/Administrators and not in Zimbra Desktop (which is where you've posted) - I'll move this thread.

    Second, a forums search finds these threads: site:zimbra.com +"PEM routines:PEM_read_bio:no start line" - Yahoo! Search Results - read some of those.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    rapharjm is offline New Member
    Join Date
    Apr 2012
    Posts
    4
    Rep Power
    2

    Default Sorry

    first post in the forum.. i'll check it, thanks

  4. #4
    rapharjm is offline New Member
    Join Date
    Apr 2012
    Posts
    4
    Rep Power
    2

    Default

    I tried this now
    As Root:
    rm -rf /opt/zimbra/ssl
    mkdir /opt/zimbra/ssl
    chown zimbra:zimbra /opt/zimbra/ssl
    chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts
    chmod 644 /opt/zimbra/java/jre/lib/security/cacerts

    As zimbra:
    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass zimbra
    zmlocalconfig -s -m nokey mailboxd_keystore_password

    As root:
    /opt/zimbra/bin/zmcertmgr createca -new
    /opt/zimbra/bin/zmcertmgr deployca -localonly
    /opt/zimbra/bin/zmcertmgr createcrt self -new
    /opt/zimbra/bin/zmcertmgr deploycrt self

    As zimbra
    zmcontrol start

    #########################

    and here is what returned

    [root@mail ~]# /opt/zimbra/bin/zmcertmgr createca -new
    ** Creating directory /opt/zimbra/ssl/zimbra
    ** Creating directory /opt/zimbra/ssl/zimbra/ca
    ** Creating directory /opt/zimbra/ssl/zimbra/server
    ** Creating directory /opt/zimbra/ssl/zimbra/commercial
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...failed.

    Generating a 1024 bit RSA private key
    ................++++++
    ........................................++++++
    writing new private key to '/opt/zimbra/ssl/zimbra/ca/ca.key'
    -----
    end of string encountered while processing type of subject name element #5
    problems making Certificate Request

    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...failed.

    /opt/zimbra/ssl/zimbra/ca/ca.csr: No such file or directory

    [root@mail ~]# /opt/zimbra/bin/zmcertmgr deployca -localonly
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...failed.

    erro de keytool: java.io.FileNotFoundException: /opt/zimbra/ssl/zimbra/ca/ca.pem (No such file or directory)

    ** Copying CA to /opt/zimbra/conf/ca...cp: impossÃ*vel obter estado de "/opt/zimbra/ssl/zimbra/ca/ca.pem": Arquivo ou diretório não encontrado
    done.
    [root@mail ~]# /opt/zimbra/bin/zmcertmgr createcrt self -new
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20120427155047
    ** Retrieving server config key zimbraSSLCertificate...failed.
    ** Retrieving server config key zimbraSSLPrivateKey...failed.
    ** Generating a server csr for download self -keysize 1024
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20120427155052
    ** Retrieving CA cert from ldap...failed.
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...failed.

    /opt/zimbra/ssl/zimbra/ca/ca.csr: No such file or directory

    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...failed.

    Generating a 1024 bit RSA private key
    ....................++++++
    .......................++++++
    writing new private key to '/opt/zimbra/ssl/zimbra/server/server.key'
    -----
    end of string encountered while processing type of subject name element #5
    problems making Certificate Request

    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...failed.

    Using configuration from /opt/zimbra/ssl/zimbra/ca/zmssl.cnf
    Error opening CA certificate /opt/zimbra/ssl/zimbra/ca/ca.pem
    140078117283496:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/opt/zimbra/ssl/zimbra/ca/ca.pem','r')
    140078117283496:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
    unable to load certificate

    [root@mail ~]# /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...
    failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

    XXXXX ERROR: failed to create jetty.pkcs12
    unable to load certificates

    ###################

    These certificates are the reason of the problem? (sorry if my questions are so idiots to you, but I never worked with Zimbra or CentOS before.. :/ )

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] ERROR - failed to start slapd
    By jeremyshoe in forum Administrators
    Replies: 16
    Last Post: 11-11-2013, 04:30 AM
  2. The installer was interrupted...
    By spiderbo in forum Zimbra Connector for Outlook
    Replies: 9
    Last Post: 05-23-2013, 06:33 AM
  3. Failed to start slapd
    By skot999 in forum Administrators
    Replies: 1
    Last Post: 10-13-2011, 12:39 AM
  4. [SOLVED] Failed to start slapd.
    By Shalva77 in forum Administrators
    Replies: 2
    Last Post: 05-28-2011, 05:27 AM
  5. [SOLVED] failed to start slapd after cloning
    By bhwong in forum Administrators
    Replies: 7
    Last Post: 11-19-2010, 12:34 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •