#1 (permalink)
03-02-2006, 08:22 AM
Elite Member & Volunteer
Posts: 255
Certificate/Keystore Install Probs

Yesterday I installed my multi-server Zimbra system: 2 LDAP, 1 MTA, 1 Mailstore. Everything went pretty smoothly with help from Marcmac *clapping*. I found a problem when trying to send mail, though. There were a bunch of TLS errors in the zimbra.log on the MTA. So I went and looked in my install logs, and there are some certificate and keystore errors. I removed all instances of Zimbra from my servers, cleaned out any sign of Zimbra that I could find, and now I have just finished installing my master LDAP server. I have the same errors as before. I have searched the forums for information on these errors, as I know there is a ton of info on certificates and whatnot, but I came up dry. Here is a snippet of my log file:
Code:
** Creating CA private key

Generating a 1024 bit RSA private key
...++++++
..++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
-----
** Creating CA cert

Signature ok
subject=/C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/CN=titan.largnet.on.ca
Getting Private key
unable to write 'random state'
mkdir: cannot create directory `/opt/zimbra/tomcat': Permission denied
** Importing CA

Certificate was added to keystore
** Creating keystore

keytool error: java.io.FileNotFoundException: /opt/zimbra/tomcat/conf/keystore (No such file or directory)
** Creating server cert request

Generating a 1024 bit RSA private key
.......................................................++++++
.................................++++++
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/server/server.key'
-----
keytool error: java.lang.Exception: Keystore file does not exist: /opt/zimbra/tomcat/conf/keystore
cp: cannot stat `/opt/zimbra/ssl/ssl/server/tomcat.csr': No such file or directory
cat: /tmp/tomcat.csr.3478: No such file or directory
** Signing cert request

Using configuration from /opt/zimbra/ssl/ssl/zmssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
- break -
Write out database with 1 new entries
Data Base Updated
unable to write 'random state'
3574:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: CERTIFICATE REQUEST
unable to write 'random state'
Started slapd: pid 3808
From reading these forums and other sources, I understand the "unable to write 'random state'" isn't really anything to worry about. But the "unable to create directory" seems wrong; I am running the install as root. The only thought that comes to mind on this is that tomcat is not required for LDAP, so it is not installed? And since it was unable to create that directory, the keystore commands start to choke and it just goes from bad to worse. Thanks in advance for your help!

#2 (permalink)
03-02-2006, 11:29 AM
Zimbra Employee
Posts: 2,103

Yes, that's exactly right - it's failing because there's no tomcat.

Which shouldn't really be a problem. Try creating the directory /opt/zimbra/tomcat/conf (you'll need to be root) and chowning it to zimbra. Then, re-run the zmcreatecert command.

2 LDAP servers, one mailstore?
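
Added example, not part of the original thread and not Zimbra tooling: a shell triage of the installer output from post #1 that tags the first failed mkdir as the root failure, marks later errors naming a path under that directory as cascades, and leaves everything else for review. The function names are hypothetical, and treating the 'random state' message as noise follows the poster's reading above.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not Zimbra tooling).

# Lines copied from the install log in post #1, shortened.
sample_log() {
cat <<'EOF'
unable to write 'random state'
writing new private key to '/opt/zimbra/ssl/ssl/ca/ca.key'
mkdir: cannot create directory `/opt/zimbra/tomcat': Permission denied
keytool error: java.io.FileNotFoundException: /opt/zimbra/tomcat/conf/keystore (No such file or directory)
unable to write 'random state'
keytool error: java.lang.Exception: Keystore file does not exist: /opt/zimbra/tomcat/conf/keystore
cp: cannot stat `/opt/zimbra/ssl/ssl/server/tomcat.csr': No such file or directory
3574:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: CERTIFICATE REQUEST
EOF
}

# Read a log on stdin; print "<CLASS> <line>" for each line that looks like a failure.
#   NOISE    the 'random state' message (assumption: ignorable, as the poster reads it)
#   ROOT     the first directory that could not be created
#   CASCADE  a later error naming a path underneath that directory
#   REVIEW   any other error; not explained by ROOT on path evidence alone
triage_log() {
awk '
/unable to write .random state./ { print "NOISE   " $0; next }
/^mkdir: cannot create directory/ && root == "" {
    # Pull the path out without relying on the quote style mkdir used.
    if (match($0, "/[A-Za-z0-9_./-]+")) root = substr($0, RSTART, RLENGTH)
    print "ROOT    " $0; next
}
/error|cannot|No such file/ {
    if (root != "" && index($0, root "/") > 0) print "CASCADE " $0
    else print "REVIEW  " $0
}'
}

# Count lines of one class in triage_log output read from stdin.
count_class() { grep -c "^$1 "; }

sample_log | triage_log
```

REVIEW lines, such as the PEM "no start line" error, are not tied to the missing directory by path alone, so re-check them after the ROOT failure is fixed and the certificate step is re-run.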

#3 (permalink)
03-02-2006, 12:17 PM
Elite Member & Volunteer
Posts: 255

The zmcreatecert seemed to work well; there is just one thing I'm not sure if I should be worried about:
Code:
keytool error: java.lang.Exception: Certificate not imported, alias my_ca already exists
Quote:
2 LDAP servers, one mailstore?
Yep, two LDAP servers (one master, one replica), one mailstore, and eventually two MTAs.

#4 (permalink)
03-02-2006, 12:42 PM
Zimbra Employee
Posts: 2,103

You need to delete the my_ca alias from your keystore, then recreate the CA and cert.

CA deletion is just like cert deletion, but delete the my_ca alias instead of the tomcat alias.

#5 (permalink)
03-15-2006, 12:53 PM
Active Member
Posts: 32
What about a pointer directory?

I am having the same message, but Zimbra seems to have a /opt/zimbra/tomcat directory pointing to /opt/zimbra/jakarta-tomcat-5.5.7.

I am using a single server for Zimbra 3.0.1 (160) for RHEL 4.

Should I create a directory anyway?