Zimbra Admin Service not using right SSL certs

[digitaldan]

After upgrading to 5.0 I used the Admin certificate tool to generate new certificates for my zimbra install. This worked fine for everything except the admin service its self on 7071. It continued to use the existing expired certificate. Digging around the Jetty configuration I found that the keystore that Jetty was using had two certs in it, the old one with the alias 'tomcat' and the new one with the alias 'jetty'. It looks like the jetty server is just taking the first cert in the chain. The solution is to delete the old tomcat certificate out of the keystore

first cd into the jetty dir

Code:

cd /opt/zimbra/jetty/etc

list the certs to see if the old tomcat is there, password is zimbra

Code:

/opt/zimbra/java/jre/bin/keytool -list -v -keystore ./keystore

if it is delete it, password is zimbra

Code:

/opt/zimbra/java/jre/bin/keytool -delete -v -keystore ./keystore -alias tomcat

then restart the service to use the right cert.

Hope this helps
D-

[Insanity5902]

I found this also. It affects all services running from jetty, so if you aren't using the proxy services, it affects imap, pop, etc.