I have the latest ZCS (6.0) on fresh install on Ubuntu 8.06 64bit. Everything ok until I have replaced the self signed certificate.
I have generated an CSR, go at GoDaddy and generate an certificate. I downloaded the certificate for Tomcat web server and followed the installation steps in ZCS. Then zmcontrol stop/start, then... problems:
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
in zimbra log:
service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.Validat
And the CPU's stays in 80% usage and no webaccess.
I have reissued an self signed certificate from CLI:
1. Begin by generating a new Certificate Authority (CA).
zmcertmgr createca -new
2. Then generate a certificate signed by the CA that expires in 365 days.
zmcertmgr createcrt -new -days 365
3. Next deploy the certificate.
zmcertmgr deploycrt self
4. To finish, verify the certificate was deployed to all the services.
Then I was able to log on back in the admin section. I have repeated again everything but stil the same issue.
What should I do? I need to use that certificate from a known CA.
- the hostname of the machine is the default and only domain in ZCS
- host file ok
- hostname is example.com and the csr/certificate is for *.example.com (can this be the issue?). The reason for that is I have an virtual host like webmail.example.com and I need the wildcard type of certificate.
1. Download the certificates issued by GoDaddy for Tomcat webserver.
2. Create a new folder 'certs" in /opt/zimbra
3. chown -R zimbra:zimbra /opt/zimbra/certs
4. rename the certificate file to commercial.crt and gd_bundle.crt to commercial_ca.crt
5. cd /opt/zimbra/bin
6. run: ./zmcertmgr deploycrt comm /opt/zimbra/certs/commercial.crt /opt/zimbra/certs/commercial_ca.crt
7. restart zimbra (zmcontrol stop/start)
Got inspired from:
Zimbra 5.08 SSL Certificate Instalation