Results 1 to 5 of 5

Thread: After installing Commerical SSL certificate in zcs.5.0.7..shows error while restart

  1. #1
    chenthil is offline Active Member
    Join Date
    Oct 2006
    Location
    India
    Posts
    49
    Rep Power
    8

    Default After installing Commerical SSL certificate in zcs.5.0.7..shows error while restart

    Hi ,
    I have installed commercial ssl certificate . when i restarted my zimbra services ..it showed me strange error ... have anyone faced similar 1 and Please suggest me ..what are consequences

    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt commercial_ca.crt
    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK
    [root@mail ]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK
    ** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    [root@mail ]# su - zimbra
    [zimbra@mail ~]$ zmcontrol stop
    Host mail.*******.com
    Stopping stats...Done
    Stopping mta...Done
    Stopping spell...Done
    Stopping snmp...Done
    Stopping archiving...Done
    Stopping antivirus...Done
    Stopping antispam...Done
    Stopping imapproxy...Done
    Stopping mailbox...Done
    Stopping logger...Done
    Stopping ldap...Done
    [zimbra@mail ~]$ zmcontrol start
    Host mail.*******.com
    Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.

    Starting logger...Done.
    Starting mailbox...Done.
    Starting imapproxy...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.

    Whenever i restart the zimbra services am facing this problem ..

    error while starting the zimbra services when lapd starts ...

    ( log error in /var/log/zimbra.log at this point of time : Jul 10 *** mail zimbramon[14281]: 14281:info: Starting services initiated by zmcontrol
    Jul 10 **** mail slapd[14344]: @(#) $OpenLDAP: slapd 2.3.42 (May 29 2008 13:55:16) $ build@build10.re.zimbra.com:/home/build/p4/main/ThirdParty/openldap/openldap-2.3.42.6z/servers/slapd
    Jul 10 *** mail slapd[14345]: slapd starting )

    su - zimbra
    [zimbra@mail ~]$ zmcontrol status
    Host mail.*******.com
    antispam Running
    antivirus Running
    imapproxy Running
    ldap Running
    logger Running
    mailbox Running
    mta Running
    snmp Running
    spell Running
    stats Running


    when i saw the certificate in the GUI admin console ..it seems to be fine ....

    Please update ...
    Last edited by chenthil; 07-11-2008 at 12:32 AM.

  2. #2
    chenthil is offline Active Member
    Join Date
    Oct 2006
    Location
    India
    Posts
    49
    Rep Power
    8

    Default

    Hi ,
    can any1 help me regarding this ....

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,505
    Rep Power
    57

    Default

    Quote Originally Posted by chenthil View Post
    .. can any1 help me regarding this ....
    A search of the forums (always the best place to start ) for "Enabled services read from cache" will give you the answer you need. Please update your profile with the output of "zmcontrol -v".
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    chenthil is offline Active Member
    Join Date
    Oct 2006
    Location
    India
    Posts
    49
    Rep Power
    8

    Default

    zmcontrol -v


    Release 5.0.7_GA_2450.RHEL5_20080630192737 RHEL5 NETWORK edition


    Hi ,
    I have found a interesting thing also ...

    I have prepared a test bed and replicated my mail server .

    I installed the certificate .i have even restarted .it was fine ... it didnt give me any error ..

    Later when i executed zmtlsctl command ... it again showed the same error ...
    I have attached my experience.... can any1 faced similar things .. can 1 help me .....

    Even when i turned back to normal HTTP mode ( zmtlsctl ) ..till the problem the persist



    [root@mail commercial]# /opt/zimbra/bin/zmcertmgr verifycrt comm
    ** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) ma
    tch.
    Valid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
    [root@mail commercial]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt commercial_ca.crt
    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK
    ** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    cp: `commercial.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are the same file
    ** Appending ca chain commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    cp: `commercial_ca.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are the same file
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    [root@mail commercial]#
    [root@mail commercial]#
    [root@mail commercial]# su - zimbra
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$ zmcontrol stop
    Host mail.******.com
    Stopping stats...Done
    Stopping mta...Done
    Stopping spell...Done
    Stopping snmp...Done
    Stopping archiving...Done
    Stopping antivirus...Done
    Stopping antispam...Done
    Stopping imapproxy...Done
    Stopping mailbox...Done
    Stopping logger...Done
    Stopping ldap...Done
    [zimbra@mail ~]$ zmcontrol start
    Host mail.*******.com
    Starting ldap...Done.
    Starting logger...Done.
    Starting mailbox...Done.
    Starting imapproxy...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$ zmtlsctl redirect
    Setting tls mode to redirect
    Updating /opt/zimbra/mailboxd/etc/jetty.xml.in...done.
    Updating /opt/zimbra/jetty/etc/zimbra.web.xml.in...done.
    Updating /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in...done.
    Updating PROTOCOL MODE in /opt/zimbra/mailboxd/etc/zimbra.web.xml.in...done.
    Rewriting config files for webxml and mailboxd...done.
    Updating /opt/zimbra/cyrus-sasl/etc/saslauthd.conf.in...done.
    Rewriting config files for cyrus-sasl...done.
    Setting ldap config zimbraMailMode redirect for mail.******.com...done.
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$ exit
    logout
    [root@mail commercial]# nmap localhost

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2008-07-14 22:17 IST
    Interesting ports on localhost.localdomain (127.0.0.1):
    Not shown: 1672 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    111/tcp open rpcbind
    465/tcp open smtps
    953/tcp open rndc
    1016/tcp open unknown

    Nmap finished: 1 IP address (1 host up) scanned in 0.200 seconds
    [root@mail commercial]#
    [root@mail commercial]#
    [root@mail commercial]# su - zimbra
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$ zmcontrol stop
    Host mail.eforceglobal.com
    Stopping stats...Done
    Stopping mta...Done
    Stopping spell...Done
    Stopping snmp...Done
    Stopping archiving...Done
    Stopping antivirus...Done
    Stopping antispam...Done
    Stopping imapproxy...Done
    Stopping mailbox...Done
    Stopping logger...Done
    Stopping ldap...Done
    [zimbra@mail ~]$ zmcontrol start
    Host mail.eforceglobal.com
    Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting logger...Done.
    Starting mailbox...Done.
    Starting imapproxy...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$ zmtlsctl http
    Setting tls mode to http
    Updating /opt/zimbra/mailboxd/etc/jetty.xml.in...done.
    Updating /opt/zimbra/jetty/etc/zimbra.web.xml.in...done.
    Updating /opt/zimbra/jetty/etc/zimbraAdmin.web.xml.in...done.
    Updating PROTOCOL MODE in /opt/zimbra/mailboxd/etc/zimbra.web.xml.in...done.
    Rewriting config files for webxml and mailboxd...done.
    Updating /opt/zimbra/cyrus-sasl/etc/saslauthd.conf.in...done.
    Rewriting config files for cyrus-sasl...done.
    Setting ldap config zimbraMailMode http for mail.******.com...done.
    [zimbra@mail ~]$
    [zimbra@mail ~]$
    [zimbra@mail ~]$ exit
    logout
    [root@mail commercial]# nmap localhost

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2008-07-14 22:23 IST
    Interesting ports on localhost.localdomain (127.0.0.1):
    Not shown: 1667 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    110/tcp open pop3
    111/tcp open rpcbind
    143/tcp open imap
    443/tcp open https
    465/tcp open smtps
    953/tcp open rndc
    993/tcp open imaps
    995/tcp open pop3s
    1016/tcp open unknown

    Nmap finished: 1 IP address (1 host up) scanned in 0.229 seconds
    [root@mail commercial]#
    [root@mail commercial]#
    [root@mail commercial]#
    [root@mail commercial]#
    [root@mail commercial]# su - zimbra
    [zimbra@mail ~]$
    [zimbra@mail ~]$ zmcontrol stop
    Host mail.******.com
    Stopping stats...Done
    Stopping mta...Done
    Stopping spell...Done
    Stopping snmp...Done
    Stopping archiving...Done
    Stopping antivirus...Done
    Stopping antispam...Done
    Stopping imapproxy...Done
    Stopping mailbox...Done
    Stopping logger...Done
    Stopping ldap...Done
    [zimbra@mail ~]$ zmcontrol start
    Host mail.*******.com
    Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.

    Starting logger...Done.
    Starting mailbox...Done.
    Starting imapproxy...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.
    [zimbra@mail ~]$ zmcontrol -v


    Release 5.0.7_GA_2450.RHEL5_20080630192737 RHEL5 NETWORK edition

    [zimbra@mail ~]$
    [zimbra@mail ~]$

  5. #5
    chenthil is offline Active Member
    Join Date
    Oct 2006
    Location
    India
    Posts
    49
    Rep Power
    8

    Default

    Please update this issue .. have any1 faced this issue and please help me in this ..

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. [SOLVED] Outlook no longer updating
    By jeremy.pratt in forum Zimbra Connector for BlackBerry
    Replies: 10
    Last Post: 05-30-2008, 03:22 PM
  3. Self-Signed SSL Certificate Causing Crash
    By VxJasonxV in forum Administrators
    Replies: 1
    Last Post: 12-06-2007, 01:24 PM
  4. Replies: 2
    Last Post: 07-11-2007, 04:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •