Page 2 of 7 FirstFirst 1234 ... LastLast
Results 11 to 20 of 66

Thread: [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure

  1. #11
    Klug's Avatar
    Klug is online now Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Thanks for the syntax.

    Still not working (tried 3 times, double-checking the password each time and trying cut/paste too) :
    Code:
    [zimbra@zimbra-oss ~]$ ldapmodify -x -h localhost  -D "uid=zimbra,cn=admins,cn=zimbra" -W
    Enter LDAP Password:
    ldap_bind: Can't contact LDAP server (-1)

  2. #12
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10

    Default

    slapd doesn't listen on localhost. It must be the name of your host.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #13
    Klug's Avatar
    Klug is online now Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    /me stupid

    All done (steps a, b, c and d), no error.
    Now restarting zimbra...
    Last edited by Klug; 12-21-2007 at 02:48 PM.

  4. #14
    Klug's Avatar
    Klug is online now Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Still not working, same error in zimbra.log

  5. #15
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10

    Default

    What is the output of (running as zimbra)

    Code:
    ldapsearch -x -ZZ -h "FQDN" -b "" -s base
    And it must be the fully qualified name of the host (FQDN).

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  6. #16
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Move the stuff in /opt/zimbra/ssl to a temp directory, and rerun the commands.

  7. #17
    Klug's Avatar
    Klug is online now Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Quote Originally Posted by quanah View Post
    What is the output of (running as zimbra)
    Code:
    ldapsearch -x -ZZ -h "FQDN" -b "" -s base
    It says :
    Code:
    $ ldapsearch -x -ZZ -h "zimbra-oss.network-studio.com" -b "" -s base
    # extended LDIF
    #
    # LDAPv3
    # base <> with scope baseObject
    # filter: (objectclass=*)
    # requesting: ALL
    #
    
    #
    dn:
    objectClass: top
    objectClass: OpenLDAProotDSE
    
    # search result
    search: 3
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1

  8. #18
    Klug's Avatar
    Klug is online now Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Quote Originally Posted by jholder View Post
    Move the stuff in /opt/zimbra/ssl to a temp directory, and rerun the commands.
    That fixed it 8)

    We moved everything elsewhere except ca.csr (we tried without the old file and it did not work), steps a to d and it works.

    There might be a problem with zmcertmgr : the /opt/zimbra/ssl/zimbra/ca/ca.pem file showed the correct hour (when I modified it) but what was inside is wrong :
    Code:
    # openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -noout -text
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: 0 (0x0)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=US, ST=N/A, L=N/A, O=Zimbra Collaboration Suite
            Validity
                Not Before: Sep 19 14:30:12 2006 GMT
                Not After : Sep 19 14:30:12 2007 GMT
      .....
    Thank you so much for your help.

    Should I open a bug ?

  9. #19
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10

    Default

    No, we are aware of the issue and there's already a bug on it. Glad it is working now!

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  10. #20
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    Just to tie the loose ends up:
    It appears that if you have an expired certificate, it can cause postfix to stop running. This will be fixed in 5.0.1

    See bug: Bug 23253 - an expired CA cert will block mail delivery after upgrading to 5.0.0

Page 2 of 7 FirstFirst 1234 ... LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Problems with port 25
    By yogiman in forum Installation
    Replies: 57
    Last Post: 06-13-2011, 01:55 PM
  2. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  3. Issues...
    By timothyalangorman in forum Administrators
    Replies: 3
    Last Post: 11-19-2007, 10:43 AM
  4. fresh install down may be due to tomcat
    By gon in forum Installation
    Replies: 10
    Last Post: 07-25-2007, 08:09 AM
  5. receiveing mail
    By maybethistime in forum Administrators
    Replies: 15
    Last Post: 12-09-2005, 04:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •