Can't access the server anymore

**goetzi** · 11-20-2005, 02:34 PM

Hi,

If I want to access my Zimbra server, there is following error (with firefox):

Code:

Firefox and 192.168.0.15 cannot communicate securely because they have no common encryption algorithms.

Internet Explorer tells me the Server or DNS can't be found.

If i switch the server to http (with "zmtlsctl http") I can only access the frontend.

I've restarted the server, still the same problem. What can this be?

What I did (maybe because of this it is broken): I changed the "MTA name" and the "server host name" (can't remember the correct name of this two settings). How can i reset this values with the command prompt?
Or generally said: How can I make my server work correctly?

**marcmac** · 11-20-2005, 04:38 PM

Sounds like your certificates are bad/missing - create a new self-signed cert with zmcreatecert, then zmcertinstall mailbox will install it. Restart tomcat when done.

**goetzi** · 11-20-2005, 09:30 PM

That didn't really work.

Code:

[zimbra@mail ~]$ zmcreatecert
** Importing CA

keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
..++++++
....++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 8 (0x8)
        Validity
            Not Before: Nov 21 05:27:58 2005 GMT
            Not After : Nov 21 05:27:58 2006 GMT
        Subject:
            countryName               = US
            stateOrProvinceName       = N/A
            organizationName          = Zimbra Collaboration Suite
            commonName                = mail.*domain*.mine.nu
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Comment:
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
            63:42:7F:6D:28:37:F2:A2:0B:BA:54:C5:1F:0C:C7:31:7C:A4:F4:A9
            X509v3 Authority Key Identifier:
            DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=mail.*domain*.mine.nu
            serial:00

Certificate is to be certified until Nov 21 05:27:58 2006 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=mail.goetzi.mine.nu
Getting CA Private Key
unable to write 'random state'

Code:

[zimbra@mail ~]$ zmcertinstall
** Importing server cert

/opt/zimbra/bin/zmcertinstall: line 81: [: =: unary operator expected
cp: missing destination file
Try `cp --help' for more information.

**marcmac** · 11-21-2005, 07:09 AM

You want:
zmcertinstall mailbox

(I think that bad error message you saw has been fixed in the lastest code - I'll check it out)

Don't forget to restart tomcat afterwards.

**goetzi** · 11-21-2005, 08:17 AM

That didn't work.

I did a re-install (over the existing one), changed the domain name (to the one I needed, the name before was just for testing).

After install:

Code:

[zimbra@mail ~]$ zmcontrol status
Host zimbra.*domain*.de
        antispam                Running
        antivirus               Running
        ldap                    Running
        logger                  Running
        mailbox                 Running
        mta                     Running
        snmp                    Running
        spell                   Running

Code:

[zimbra@mail ~]$ zmcreatecert
** Importing CA

keytool error: java.lang.Exception: Certificate not imported, alias <my_ca> already exists
** Creating keystore

** Creating server cert request

Generating a 1024 bit RSA private key
................++++++
............................++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 5 (0x5)
        Validity
            Not Before: Nov 21 16:10:29 2005 GMT
            Not After : Nov 21 16:10:29 2006 GMT
        Subject:
            countryName               = US
            stateOrProvinceName       = N/A
            organizationName          = Zimbra Collaboration Suite
            commonName                = zimbra.*domain*.de
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Comment:
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
            91:85:C3:06:87:D3:07:59:9E:B2:E9:8D:C6:00:29:28:51:2E:D7:10
            X509v3 Authority Key Identifier:
            DirName:/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=mail.*domain*.mine.nu
            serial:00

Certificate is to be certified until Nov 21 16:10:29 2006 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
Signature ok
subject=/C=US/ST=NA/L=NA/O=Zimbra/OU=Zimbra/CN=zimbra.*domain*.de
Getting CA Private Key
unable to write 'random state'

**goetzi** · 11-21-2005, 08:22 AM

(Because it said "you have too many images in your post" i splitted my post)

Code:

[zimbra@mail ~]$ zmcertinstall mailbox
** Importing server cert

Owner: CN=zimbra.glatter-goetz.de, O=Zimbra Collaboration Suite, ST=N/A, C=US
Issuer: CN=mail.goetzi.mine.nu, O=Zimbra Collaboration Suite, L=N/A, ST=N/A, C=US
Serial number: 5
Valid from: Mon Nov 21 17:10:29 CET 2005 until: Tue Nov 21 17:10:29 CET 2006
Certificate fingerprints:
         MD5:  E5:A6:A7:FE:66:7B:E3:11:34:32:E9:F5:77:75:E4:7C
         SHA1: CD:A8:D8:CC:5C:CB:03:BD:08:A1:32:14:7A:D8:08:C9:DC:47:0F:14
Trust this certificate? [no]:  y
Certificate was added to keystore

Code:

[zimbra@mail ~]$ tomcat stop
Using CATALINA_BASE:   /opt/zimbra/tomcat
Using CATALINA_HOME:   /opt/zimbra/tomcat
Using CATALINA_TMPDIR: /opt/zimbra/tomcat/temp
Using JRE_HOME:       /opt/zimbra/java
Waiting . shutdown ok
[zimbra@mail ~]$ tomcat start
[zimbra@mail ~]$

**goetzi** · 11-21-2005, 08:34 AM

OK, looks like this fixed it:

Code:

zmcreatecert
zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key

**PAI** · 12-23-2005, 11:33 AM

Originally Posted by goetzi

OK, looks like this fixed it:

Code:

zmcreatecert
zmcertinstall mta ssl/ssl/server/server.crt ssl/ssl/server/server.key

I have followed these steps as well as some outlined in other posts and am still at a loss to get rid of the 'no compatible encryption' error on port 7071

anymore advise y'all could give?

**marcmac** · 12-23-2005, 11:43 AM

zmcertinstall mailbox
tomcat stop
tomcat start

**PAI** · 12-23-2005, 11:48 AM

Originally Posted by marcmac

zmcertinstall mailbox
tomcat stop
tomcat start

tried doing this again, I still end up with the same error.

anything else?
thanks

Zimbra

Thread: Can't access the server anymore

LinkBack

Thread Tools

Search Thread

Display

Can't access the server anymore

new certs

command syntax

no compatible encryption

Thread Information

Users Browsing this Thread

Similar Threads

initializing ldap...FAILED(256)ERROR

Zimbra fails after working for 2 weeks

need advice on configuring zimbra to work with fax server

Error 256 on Installation

logger won't start: /opt/zimbra/bin/zmlogswatchctl: line 69: kill: (5491) - No such

Posting Permissions