Zimbra

dwfallin · #1 (**permalink**) 03-26-2009, 01:57 PM

zcs 5.0.14 on ubuntu 8.04 with thawte certificate: can someone tell me what is attempting to happen during zmcertmgr deploycrt that gives this message:

** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.

i'm working with rogle and we've been fighting the whole commercial ssl/tls issues for a couple days. none of the solutions we've found on here seems to work. most of the steps say all is ok, then we restart everything and we get the:
network_biopair_interop: error writing 2108 bytes to the networ
k: Broken pipe

error. we've tried 15914 and 19702 and many other deriviatives there of! help!

Ramadan Mansoura · #2 (**permalink**) 03-26-2009, 02:06 PM

Is the ldap service running?

dwfallin · #3 (**permalink**) 03-26-2009, 02:17 PM

Quote:

Originally Posted by Ramadan Mansoura

Is the ldap service running?

not at the moment. i figured i'd try deploying with zimbra stopped - should it be?

Ramadan Mansoura · #4 (**permalink**) 03-26-2009, 02:30 PM

ldap needs to be running as the cert needs to be saved in ldap.
that's why you are seeing the error.

dwfallin · #5 (**permalink**) 03-26-2009, 03:25 PM

zimbra@pfmail:~$ zmcontrol start
Host pfmail.memphis.css.local
Starting ldap...Done.
FAILED
Failed to start slapd. Attempting debug start to determine error.
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
main: TLS init def ctx failed: -1

great - now ldap wont start! is it obvious from this whats broke now?

Ramadan Mansoura · #6 (**permalink**) 03-26-2009, 03:37 PM

1) check the permissions on those two files:
-rw-r--r-- 1 zimbra zimbra 1001 Mar 13 19:40 /opt/zimbra/conf/slapd.crt
-rw-r--r-- 1 zimbra zimbra 887 Sep 21 2008 /opt/zimbra/conf/slapd.key

2) is your private key encrypted or password protected?

dwfallin · #7 (**permalink**) 03-26-2009, 06:35 PM

zimbra@pfmail:~/conf$ ls -l slapd*
-rw-r----- 1 zimbra zimbra 7562 Mar 26 17:22 slapd.conf
-rw-r----- 1 zimbra zimbra 7575 Mar 26 13:51 slapd.conf.in
-rw-r--r-- 1 zimbra zimbra 10827 Mar 26 15:39 slapd.crt
-rw-r--r-- 1 zimbra zimbra 920 Mar 26 15:39 slapd.key

perms look ok. my partner built the key this time, but i've not been prompted for one with all the verifying/deploying - i think that would've come up by now!
any other suggestions?

btw - thanks for your efforts in this! we may build from scratch tomorrow...

Ramadan Mansoura · #8 (**permalink**) 03-26-2009, 09:14 PM

So ldap service is running now? What happens if you deploy the cert at this point?

Zimbra

Downloads

Product Information

Toolbox

Why Join?