Did you re-run the zmcertinstall command? It takes two options for the mta, cert file and key file:
zmcertinstall mta /opt/zimbra/ssl/ssl/server/smtpd.crt /opt/zimbra/ssl/ssl/ca/ca.key
right....after much hacking and chopping around I've decided to begin again. ./install -u and I've started over again as the more I hacked the more things stopped working until I had no https and no IMAPs.
Thanks for all the support so far!
Will begin again and will post my results.
To outline what I am trying to achieve: I want to configure a mail/collaboration suite on a server and for it to support multiple virtual domains. I'd like each of these virtual domains to have SSL on their POP/IMAP/SMTP mail.
Right, so I've got the server freshly installed and setup for one domain.
Here's what works:
IMAP with SSL from iMail client
https:// :7071 for admin
SMTP with Auth set in iMail fails with
Code:
Nov 8 23:02:27 mx postfix/smtpd[9327]: SSL_accept:error in SSLv3 read client certificate A
Nov 8 23:02:27 mx postfix/smtpd[9327]: SSL_accept error from i-195-137-88-40.freedom2surf.net[195.137.88.40]: -1
Nov 8 23:02:27 mx postfix/smtpd[9327]: lost connection after STARTTLS from i-195-137-88-40.freedom2surf.net[195.137.88.40]
Nov 8 23:02:27 mx postfix/smtpd[9327]: disconnect from i-195-137-88-40.freedom2surf.net[195.137.88.40]
after the key exchange
http AND https for normal mail access are not running (but nmap shows the ports as open from both localhost and from the external IP)
Did postfix spit out any errors on startup regarding TLS?
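A handshake failure like the one in the log excerpt above can be picked out of a busy mail log by grouping the smtpd lines per process ID and flagging sessions that log an SSL_accept error and then drop after STARTTLS. This is an added example, not part of the original thread; the sample lines, host names and the function name `failed_starttls_sessions` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same syslog format as the excerpt above.
SAMPLE_LOG = """\
Nov 8 23:02:27 mx postfix/smtpd[9327]: connect from client.example.net[192.0.2.10]
Nov 8 23:02:27 mx postfix/smtpd[9327]: SSL_accept:error in SSLv3 read client certificate A
Nov 8 23:02:27 mx postfix/smtpd[9327]: SSL_accept error from client.example.net[192.0.2.10]: -1
Nov 8 23:02:27 mx postfix/smtpd[9327]: lost connection after STARTTLS from client.example.net[192.0.2.10]
Nov 8 23:02:27 mx postfix/smtpd[9327]: disconnect from client.example.net[192.0.2.10]
Nov 8 23:05:10 mx postfix/smtpd[9401]: connect from ok.example.org[198.51.100.7]
Nov 8 23:05:11 mx postfix/smtpd[9401]: lost connection after RCPT from ok.example.org[198.51.100.7]
Nov 8 23:05:11 mx postfix/smtpd[9401]: disconnect from ok.example.org[198.51.100.7]
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
STATE = re.compile(r"^SSL_accept:error in (?P<state>.+)$")  # handshake state at the point of failure
ACCEPT_ERR = re.compile(r"^SSL_accept error from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<rc>-?\d+)")


def failed_starttls_sessions(log_text):
    """Return one dict per smtpd session whose TLS handshake failed after STARTTLS."""
    open_sessions = defaultdict(dict)  # keyed by smtpd pid; a pid serves one client at a time
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a postfix/smtpd line
        pid, msg = m["pid"], m["msg"]
        sess = open_sessions[pid]
        if (s := STATE.match(msg)):
            sess["state"] = s["state"]
        elif (e := ACCEPT_ERR.match(msg)):
            sess.update(ts=m["ts"], host=e["host"], ip=e["ip"], rc=int(e["rc"]))
        elif msg.startswith("lost connection after STARTTLS from "):
            sess["lost_after_starttls"] = True
        elif msg.startswith("disconnect from "):
            done = open_sessions.pop(pid)  # session over: decide whether it was a TLS failure
            if "rc" in done and done.get("lost_after_starttls"):
                failures.append(done)
    return failures


if __name__ == "__main__":
    for f in failed_starttls_sessions(SAMPLE_LOG):
        print(f"{f['ts']} {f['host']} [{f['ip']}] handshake stopped in: {f.get('state', 'unknown')}")
```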
So, after a rebuild from scratch I have a working IMAP/POP/SMTP with SSL AUTH set of services.
Here's what I've done to make sure that it works:
My machine is currently on a private IP with ports forwarded through from the Real World (TM) by an IPCOP firewall. We are running a DNS server on another machine on the LAN and Zimbra is using it for resolution of itself and other FQDNs. The /etc/hosts file has been modded:
Code:
127.0.0.1 localhost.localdomain localhost
192.168.0.150 mx.networkassociations.org.uk mx
And during setup of Zimbra we set up the machine as mx.networkassociations.org.uk which has in turn created certificates that have a resolvable FQDN matching that of the server connecting to.
The iMail client complains that the certificate has not been signed by a known authority but after I have said that I accept the certificate then all is good.
And it works.
But!
My HTTP access is screwed - I've got HTTPS to :7071, but no HTTP or HTTP/S for email access......
Thoughts anyone?
Quote:
Originally Posted by robroadie
What do you get in the browser? Are you going to port 80? Did you try port 7070? Check out /opt/zimbra/tomcat/logs/catalina.out for more info.
I checked out the /opt/zimbra/tomcat/logs/catalina.out file and wasn't seeing anything when attempting to connect. I restarted the services and all was OK.
Quote:
Originally Posted by KevinH
I'll write up more on my install and post it to these forums.
Thank you for your continued support.
I've posted some info on the firewall ports I have opened up here: http://www.zimbra.com/forums/showthr...=3332#post3332
If you can get https on the admin interface (7071) then your certs are fine - can you telnet to port 443 or 7443 on the server?
If not, then you need to change the server's mode:
su - zimbra
zmtlsctl mixed (or https)
tomcat stop
tomcat start
mixed mode - https login, http session
https mode - all https, all the time
Marcmac, thanks for your support. As I mentioned in my previous post I restarted the services all was fine. Your information on how to change the server mode is really useful. I thought I'd highlight it by replying.
Quote:
Originally Posted by marcmac