Zimbra

goetzi · #1 (**permalink**) 11-20-2005, 03:34 PM

Hi,

If I want to access my Zimbra server, there is following error (with firefox):

Code:

Firefox and 192.168.0.15 cannot communicate securely because they have no common encryption algorithms.

Internet Explorer tells me the Server or DNS can't be found.

If i switch the server to http (with "zmtlsctl http") I can only access the frontend.

I've restarted the server, still the same problem. What can this be?

What I did (maybe because of this it is broken): I changed the "MTA name" and the "server host name" (can't remember the correct name of this two settings). How can i reset this values with the command prompt?
Or generally said: How can I make my server work correctly?

marcmac · #2 (**permalink**) 11-20-2005, 05:38 PM

Sounds like your certificates are bad/missing - create a new self-signed cert with zmcreatecert, then zmcertinstall mailbox will install it. Restart tomcat when done.

goetzi · #3 (**permalink**) 11-20-2005, 10:30 PM

That didn't really work.

Code:

[zimbra@mail ~]$ zmcreatecert
** Importing CA

keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
..++++++
....++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 8 (0x8)
        Validity
            Not Before: Nov 21 05:27:58 2005 GMT
            Not After : Nov 21 05:27:58 2006 GMT
        Subject:
            countryName               = US
            stateOrProvinceName       = N/A
            organizationName          = Zimbra Collaboration Suite
            commonName                = mail.*domain*.mine.nu
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Comment:
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
            63:42:7F:6D:28:37:F2:A2:0B:BA:54:C5:1F:0C:C7:31:7C:A4:F4:A9
            X509v3 Authority Key Identifier:
            DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=mail.*domain*.mine.nu
            serial:00

Certificate is to be certified until Nov 21 05:27:58 2006 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=mail.goetzi.mine.nu
Getting CA Private Key
unable to write 'random state'

Code:

[zimbra@mail ~]$ zmcertinstall
** Importing server cert

/opt/zimbra/bin/zmcertinstall: line 81: [: =: unary operator expected
cp: missing destination file
Try `cp --help' for more information.

marcmac · #4 (**permalink**) 11-21-2005, 08:09 AM

You want:
zmcertinstall mailbox

(I think that bad error message you saw has been fixed in the lastest code - I'll check it out)

Don't forget to restart tomcat afterwards.

goetzi · #5 (**permalink**) 11-21-2005, 09:17 AM

That didn't work.

I did a re-install (over the existing one), changed the domain name (to the one I needed, the name before was just for testing).

After install:

Code:

[zimbra@mail ~]$ zmcontrol status
Host zimbra.*domain*.de
        antispam                Running
        antivirus               Running
        ldap                    Running
        logger                  Running
        mailbox                 Running
        mta                     Running
        snmp                    Running
        spell                   Running

Code:

[zimbra@mail ~]$ zmcreatecert
** Importing CA

keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
................++++++
............................++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 5 (0x5)
        Validity
            Not Before: Nov 21 16:10:29 2005 GMT
            Not After : Nov 21 16:10:29 2006 GMT
        Subject:
            countryName               = US
            stateOrProvinceName       = N/A
            organizationName          = Zimbra Collaboration Suite
            commonName                = zimbra.*domain*.de
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Comment:
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
            91:85:C3:06:87:D3:07:59:9E:B2:E9:8D:C6:00:29:28:51:2E:D7:10
            X509v3 Authority Key Identifier:
            DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=mail.*domain*.mine.nu
            serial:00

Certificate is to be certified until Nov 21 16:10:29 2006 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=zimbra.*domain*.de
Getting CA Private Key
unable to write 'random state'

goetzi · #6 (**permalink**) 11-21-2005, 09:22 AM

(Because it said "you have too many images in your post" i splitted my post)

Code:

[zimbra@mail ~]$ zmcertinstall mailbox
** Importing server cert

Owner: CN=zimbra.glatter-goetz.de, O=Zimbra Collaboration Suite, ST=N/A, C=US
Issuer: CN=mail.goetzi.mine.nu, O=Zimbra Collaboration Suite, L=N/A, ST=N/A, C=US
Serial number: 5
Valid from: Mon Nov 21 17:10:29 CET 2005 until: Tue Nov 21 17:10:29 CET 2006
Certificate fingerprints:
         MD5:  E5:A6:A7:FE:66:7B:E3:11:34:32:E9:F5:77:75:E4:7C
         SHA1: CD:A8:D8:CC:5C:CB:03:BD:08:A1:32:14:7A:D8:08:C9:DC:47:0F:14
Trust this certificate? [no]:  y
Certificate was added to keystore

Code:

[zimbra@mail ~]$ tomcat stop
Using CATALINA_BASE:   /opt/zimbra/tomcat
Using CATALINA_HOME:   /opt/zimbra/tomcat
Using CATALINA_TMPDIR: /opt/zimbra/tomcat/temp
Using JRE_HOME:       /opt/zimbra/java
Waiting . shutdown ok
[zimbra@mail ~]$ tomcat start
[zimbra@mail ~]$

goetzi · #7 (**permalink**) 11-21-2005, 09:34 AM

OK, looks like this fixed it:

Code:

zmcreatecert
zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key

PAI · #8 (**permalink**) 12-23-2005, 12:33 PM

Quote:

Originally Posted by goetzi

OK, looks like this fixed it:

Code:

zmcreatecert
zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key

I have followed these steps as well as some outlined in other posts and am still at a loss to get rid of the 'no compatible encryption' error on port 7071

anymore advise y'all could give?