| Welcome to the Zimbra - Forums! | |
Welcome, if you would like to post a comment please register.
We also encourage you to explore all things Zimbra with our team and members of the community.
|
 | | 
01-05-2008, 11:57 PM
| | Special Member | |
Posts: 100
| |
Any update on this TLS issue? .. Both our production server and test server have the same issue .. the fix was to set all YES to NO in the ldap cf files as stated in this last posting .. it seems this is something of a major bug .. how could all of the beta folks have not seen this and it get passed to GA ??
BRW |
01-06-2008, 12:00 AM
| | Zimbra Consultant | |
Posts: 5,606
| |
Yeah, it caught us by surprise as well.
The fix for this and the commercial cert issue will be in 5.0.1 which is set to be released really really soon. Can't give an exact date, but soon  |
01-06-2008, 12:08 AM
| | Special Member | |
Posts: 100
| |
THanks for the update .. it sure freaked us out after the update appeared to go well but then ZERO email in/out ..
Hope to see 5.0.1 soon 
BRW |
01-07-2008, 05:09 PM
| | |
Quote:
Originally Posted by brwatters  THanks for the update .. it sure freaked us out after the update appeared to go well but then ZERO email in/out ..
Hope to see 5.0.1 soon
BRW | Yes, we experienced the same panic. The main bug that GA was going to address for us worked wonderfully.. and honestly.. I did not do much more testing until I saw a flurry of bounces from another of our mail servers.
Caveat constructum. |
01-08-2008, 01:17 PM
| | |
We encountered this same problem and after reading through this thread, I applied the suggested steps (including the additional steps of disabling tls) and yet the error still occurred. We just figured out that it is related to shared calendars. If shared calendars are enabled, the same error about an expired certificate occurs, but if the shared calendars are unchecked, the error goes away. Does anyone have an idea of where this could be originating? And hopefully, the 5.0.1 fix will catch this aspect as well. Thanks. |
01-09-2008, 03:47 PM
| | | 
Just to follow up to my own post:
This problem was resolved by Zimbra Support. In addition to the certificate files, Sun java keeps certificates in a keystore file. Here is the solution as received from support: The keystore showed still the old certificate entry for tomcat now that we have moved to jetty
keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
jetty, Jan 8, 2008 , PrivateKeyEntry,
Certificate fingerprint (MD5): xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
tomcat, Jun 5, 2006 , PrivateKeyEntry,
Certificate fingerprint (MD5): xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Deleted tomcat alias with
keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
zmcontrol stop
zmcontrol start
Hopefully, this will help someone else with similar problems.
Wendell  |
01-10-2008, 05:40 AM
| | |
Quote:
Originally Posted by gwjones Just to follow up to my own post:
Deleted tomcat alias with
keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
zmcontrol stop
zmcontrol start
Wendell | Thanx Wendell, this post saved my but bigtime today, since for some reasons we kept getting internal errors with shared calendars rendering our planning departments powerless to function.
John Tolenaars |
01-10-2008, 06:58 PM
| | |
Quote:
Originally Posted by gwjones ... In addition to the certificate files, Sun java keeps certificates in a keystore file.... | Hmm the output I receive from that command is the following: Code: Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
tomcat, Feb 16, 2007, PrivateKeyEntry,
Certificate fingerprint (MD5): 19:44:7D:E8:A8:D8:19:90:39:42:E8:AF:D2:3E:AA:25 Is this a problem in any way? I seem to be missing the jetty keystore entirely. |
01-13-2008, 06:29 AM
| | |
I think I'm encountering the same problem with 5.0.1 NE. After a clean install I have requested a commercial certificate. I installed it trough the web interface without any problems.
But after this action the servers stops sending and receiving mail. The log file is flooded with messages like Unable to set STARTTLS.
What should I do? When I use the command as above I get back that there is 1 entry in my keystore, jetty. I hope someone can assist me. |
01-13-2008, 08:35 AM
| | |
Quote:
Originally Posted by bramm I think I'm encountering the same problem with 5.0.1 NE. After a clean install I have requested a commercial certificate. I installed it trough the web interface without any problems.
But after this action the servers stops sending and receiving mail. The log file is flooded with messages like Unable to set STARTTLS.
What should I do? When I use the command as above I get back that there is 1 entry in my keystore, jetty. I hope someone can assist me. | I have edited the ldap files not to load the tls as stated above. So everything works now, but this is not the right way to go I think. I assume that a commercial certificate should be installed correctly when using the web interface.
I'm using ubuntu and the corresponding version. | | Thread Tools | | | | Display Modes |  Linear Mode | | Why Join? Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.   |
Bugzilla
Wiki
Source
