Zimbra

chenthil · #1 (**permalink**) 07-10-2008, 09:57 PM

Hi ,
I have installed commercial ssl certificate . when i restarted my zimbra services ..it showed me strange error ... have anyone faced similar 1 and Please suggest me ..what are consequences

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
[root@mail ]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
[root@mail ]# su - zimbra
[zimbra@mail ~]$ zmcontrol stop
Host mail.*******.com
Stopping stats...Done
Stopping mta...Done
Stopping spell...Done
Stopping snmp...Done
Stopping archiving...Done
Stopping antivirus...Done
Stopping antispam...Done
Stopping imapproxy...Done
Stopping mailbox...Done
Stopping logger...Done
Stopping ldap...Done
[zimbra@mail ~]$ zmcontrol start
Host mail.*******.com
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Done.
Starting mailbox...Done.
Starting imapproxy...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.

Whenever i restart the zimbra services am facing this problem ..

error while starting the zimbra services when lapd starts ...

( log error in /var/log/zimbra.log at this point of time : Jul 10 *** mail zimbramon[14281]: 14281:info: Starting services initiated by zmcontrol
Jul 10 **** mail slapd[14344]: @(#) $OpenLDAP: slapd 2.3.42 (May 29 2008 13:55:16) $ build@build10.re.zimbra.com:/home/build/p4/main/ThirdParty/openldap/openldap-2.3.42.6z/servers/slapd
Jul 10 *** mail slapd[14345]: slapd starting )

su - zimbra
[zimbra@mail ~]$ zmcontrol status
Host mail.*******.com
antispam Running
antivirus Running
imapproxy Running
ldap Running
logger Running
mailbox Running
mta Running
snmp Running
spell Running
stats Running

when i saw the certificate in the GUI admin console ..it seems to be fine ....

Please update ...

chenthil · #2 (**permalink**) 07-12-2008, 07:27 AM

Hi ,
can any1 help me regarding this ....

phoenix · #3 (**permalink**) 07-12-2008, 07:47 AM

Quote:

Originally Posted by chenthil

.. can any1 help me regarding this ....

A search of the forums (always the best place to start

) for "Enabled services read from cache" will give you the answer you need. Please update your profile with the output of "zmcontrol -v".

chenthil · #4 (**permalink**) 07-14-2008, 07:57 AM

zmcontrol -v

Release 5.0.7_GA_2450.RHEL5_20080630192737 RHEL5 NETWORK edition

Hi ,
I have found a interesting thing also ...

I have prepared a test bed and replicated my mail server .

I installed the certificate .i have even restarted .it was fine ... it didnt give me any error ..

Later when i executed zmtlsctl command ... it again showed the same error ...
I have attached my experience.... can any1 faced similar things .. can 1 help me .....

Even when i turned back to normal HTTP mode ( zmtlsctl ) ..till the problem the persist

[root@mail commercial]# /opt/zimbra/bin/zmcertmgr verifycrt comm
** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) ma
tch.
Valid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
[root@mail commercial]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: commercial.crt: OK
** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
cp: `commercial.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are the same file
** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
cp: `commercial_ca.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are the same file
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
[root@mail commercial]#
[root@mail commercial]#
[root@mail commercial]# su - zimbra
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$ zmcontrol stop
Host mail.******.com
Stopping stats...Done
Stopping mta...Done
Stopping spell...Done
Stopping snmp...Done
Stopping archiving...Done
Stopping antivirus...Done
Stopping antispam...Done
Stopping imapproxy...Done
Stopping mailbox...Done
Stopping logger...Done
Stopping ldap...Done
[zimbra@mail ~]$ zmcontrol start
Host mail.*******.com
Starting ldap...Done.
Starting logger...Done.
Starting mailbox...Done.
Starting imapproxy...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$ zmtlsctl redirect
Setting tls mode to redirect
Updating /opt/zimbra/mailboxd/etc/jetty.xml.in...done.
Updating /opt/zimbra/jetty/etc/zimbra.web.xml.in...done.
Updating /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in...done.
Updating PROTOCOL MODE in /opt/zimbra/mailboxd/etc/zimbra.web.xml.in...done.
Rewriting config files for webxml and mailboxd...done.
Updating /opt/zimbra/cyrus-sasl/etc/saslauthd.conf.in...done.
Rewriting config files for cyrus-sasl...done.
Setting ldap config zimbraMailMode redirect for mail.******.com...done.
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$ exit
logout
[root@mail commercial]# nmap localhost

Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2008-07-14 22:17 IST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1672 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
465/tcp open smtps
953/tcp open rndc
1016/tcp open unknown

Nmap finished: 1 IP address (1 host up) scanned in 0.200 seconds
[root@mail commercial]#
[root@mail commercial]#
[root@mail commercial]# su - zimbra
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$ zmcontrol stop
Host mail.eforceglobal.com
Stopping stats...Done
Stopping mta...Done
Stopping spell...Done
Stopping snmp...Done
Stopping archiving...Done
Stopping antivirus...Done
Stopping antispam...Done
Stopping imapproxy...Done
Stopping mailbox...Done
Stopping logger...Done
Stopping ldap...Done
[zimbra@mail ~]$ zmcontrol start
Host mail.eforceglobal.com
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Done.
Starting mailbox...Done.
Starting imapproxy...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$ zmtlsctl http
Setting tls mode to http
Updating /opt/zimbra/mailboxd/etc/jetty.xml.in...done.
Updating /opt/zimbra/jetty/etc/zimbra.web.xml.in...done.
Updating /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in...done.
Updating PROTOCOL MODE in /opt/zimbra/mailboxd/etc/zimbra.web.xml.in...done.
Rewriting config files for webxml and mailboxd...done.
Updating /opt/zimbra/cyrus-sasl/etc/saslauthd.conf.in...done.
Rewriting config files for cyrus-sasl...done.
Setting ldap config zimbraMailMode http for mail.******.com...done.
[zimbra@mail ~]$
[zimbra@mail ~]$
[zimbra@mail ~]$ exit
logout
[root@mail commercial]# nmap localhost

Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2008-07-14 22:23 IST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1667 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
443/tcp open https
465/tcp open smtps
953/tcp open rndc
993/tcp open imaps
995/tcp open pop3s
1016/tcp open unknown

Nmap finished: 1 IP address (1 host up) scanned in 0.229 seconds
[root@mail commercial]#
[root@mail commercial]#
[root@mail commercial]#
[root@mail commercial]#
[root@mail commercial]# su - zimbra
[zimbra@mail ~]$
[zimbra@mail ~]$ zmcontrol stop
Host mail.******.com
Stopping stats...Done
Stopping mta...Done
Stopping spell...Done
Stopping snmp...Done
Stopping archiving...Done
Stopping antivirus...Done
Stopping antispam...Done
Stopping imapproxy...Done
Stopping mailbox...Done
Stopping logger...Done
Stopping ldap...Done
[zimbra@mail ~]$ zmcontrol start
Host mail.*******.com
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Done.
Starting mailbox...Done.
Starting imapproxy...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
[zimbra@mail ~]$ zmcontrol -v

Release 5.0.7_GA_2450.RHEL5_20080630192737 RHEL5 NETWORK edition

[zimbra@mail ~]$
[zimbra@mail ~]$

chenthil · #5 (**permalink**) 07-15-2008, 10:36 PM

Please update this issue .. have any1 faced this issue and please help me in this ..

Zimbra

Downloads

Product Information

Toolbox

Why Join?