Thread: Certificate/Keystore Install Probs

  1. #1
    rsharpe (Elite Member & Volunteer)

    Certificate/Keystore Install Probs

    Yesterday I installed my multi-server Zimbra system: 2 LDAP, 1 MTA, 1 Mailstore. Everything went pretty smoothly with help from Marcmac *clapping*. I found a problem when trying to send mail, though. There were a bunch of TLS errors in the zimbra.log on the MTA. So I went and looked in my install logs, and there are some certificate and keystore errors. I removed all instances of Zimbra from my servers, cleaned out any sign of Zimbra that I could find, and now I have just finished installing my master LDAP server. I have the same errors as before. I have searched the forums for information on these errors, as I know there is a ton of info on certificates and whatnot, but I came up dry. Here is a snippet of my log file:
    Code:
    ** Creating CA private key
    
    Generating a 1024 bit RSA private key
    ...++++++
    ..++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
    -----
    ** Creating CA cert
    
    Signature ok
    subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=titan.largnet.on.ca
    Getting Private key
    unable to write 'random state'
    mkdir: cannot create directory `/opt/zimbra/tomcat': Permission denied
    ** Importing CA
    
    Certificate was added to keystore
    ** Creating keystore
    
    keytool error: java.io.FileNotFoundException: /opt/zimbra/tomcat/conf/keystore (No such file or directory)
    ** Creating server cert request
    
    Generating a 1024 bit RSA private key
    .......................................................++++++
    .................................++++++
    unable to write 'random state'
    writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
    -----
    keytool error: java.lang.Exception: Keystore file does not exist: /opt/zimbra/tomcat/conf/keystore
    cp: cannot stat `/opt/zimbra/ssl/ssl/server/tomcat.csr': No such file or directory
    cat: /tmp/tomcat.csr.3478: No such file or directory
    ** Signing cert request
    
    Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
    - break -
    Write out database with 1 new entries
    Data Base Updated
    unable to write 'random state'
    3574:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: CERTIFICATE REQUEST
    unable to write 'random state'
    Started slapd: pid 3808
    From reading these forums and other sources, I understand the "unable to write 'random state'" message isn't really anything to worry about. But the "cannot create directory" error seems wrong; I am running the install as root. The only thought that comes to mind on this is that tomcat is not required for LDAP so it is not installed? And since it was unable to create that directory, the keystore commands start to choke and it just goes from bad to worse. Thanks in advance for your help!

  2. #2
    marcmac (Expert Member)

    Yes, that's exactly right - it's failing because there's no tomcat.

    Which shouldn't really be a problem. Try creating the directory /opt/zimbra/tomcat/conf (you'll need to be root) and chowning it to zimbra. Then, re-run the zmcreatecert command.

    2 LDAP servers, one mailstore?

  3. #3
    rsharpe (Elite Member & Volunteer)

    The zmcreatecert seemed to work well; there is just one thing I'm not sure if I should be worried about:
    Code:
    keytool error: java.lang.Exception: Certificate not imported, alias my_ca already exists
    "2 LDAP servers, one mailstore?"
    Yep, two LDAP servers (one master, one replica), one mailstore, and eventually two MTAs.

  4. #4
    marcmac (Expert Member)

    You need to delete the my_ca alias from your keystore, then recreate the CA and cert.

    CA deletion is just like cert deletion, but delete the my_ca alias instead of the tomcat alias.
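
The failure chain worked out in the posts above, as an added example that is not part of the original thread or of Zimbra's tooling: a small triage pass over the error lines quoted here. It treats the random-state message as noise (as the thread does), records the failed `mkdir` as the root cause, marks later errors that name a path under that directory as cascades, and flags the leftover `my_ca` alias. The category names and helper functions are assumptions made for illustration.

```python
import re

# Constructed sample: error lines copied from the logs quoted in this thread.
SAMPLE_LOG = """\
unable to write 'random state'
mkdir: cannot create directory `/opt/zimbra/tomcat': Permission denied
keytool error: java.io.FileNotFoundException: /opt/zimbra/tomcat/conf/keystore (No such file or directory)
keytool error: java.lang.Exception: Keystore file does not exist: /opt/zimbra/tomcat/conf/keystore
cp: cannot stat `/opt/zimbra/ssl/ssl/server/tomcat.csr': No such file or directory
3574:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: CERTIFICATE REQUEST
keytool error: java.lang.Exception: Certificate not imported, alias my_ca already exists
"""

# Hypothetical triage rules, written for the messages seen above.
MKDIR_FAIL = re.compile(r"^mkdir: cannot create directory [`'](?P<path>[^']+)'")
STALE_ALIAS = re.compile(r"alias (?P<alias>\S+) already exists")
ERROR_HINT = re.compile(r"error|cannot|No such file", re.IGNORECASE)
PATH = re.compile(r"/[\w./-]+")

def triage(log_text):
    """Return (category, detail, line) tuples for each notable log line."""
    failed_dirs, findings = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if "unable to write 'random state'" in line:
            findings.append(("noise", None, line))
        elif m := MKDIR_FAIL.search(line):
            failed_dirs.append(m["path"].rstrip("/"))
            findings.append(("root_cause", m["path"], line))
        elif m := STALE_ALIAS.search(line):
            findings.append(("stale_alias", m["alias"], line))
        elif ERROR_HINT.search(line):
            # Cascade only if the line names a path beneath a directory that failed earlier.
            parent = next((d for d in failed_dirs for p in PATH.findall(line)
                           if p.startswith(d + "/")), None)
            findings.append(("cascade" if parent else "review", parent, line))
    return findings

def count_by_category(findings):
    counts = {}
    for category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts

if __name__ == "__main__":
    for category, detail, line in triage(SAMPLE_LOG):
        print(f"{category:12} {detail or '-':22} {line[:60]}")
```

Lines left as `review` (the missing `tomcat.csr` and the PEM "no start line" error) have no path link to the failed directory, so the script does not attribute them automatically.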

  5. #5
    rdavisids (Active Member)

    What about a pointer directory?

    I am having the same message, but Zimbra seems to have a /opt/zimbra/tomcat directory pointing to /opt/zimbra/jakarta-tomcat-5.5.7.

    I am using a single server for Zimbra 3.0.1 (160) for RHEL 4.

    Should I create a directory anyway?
