Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Installation
Reload this Page [SOLVED] ZCS 6.0 GoDaddy cert install issue

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 09-03-2009, 08:39 AM
Intermediate Member
  
Posts: 17
Default [SOLVED] ZCS 6.0 GoDaddy cert install issue
Hi,

I have the latest ZCS (6.0) on fresh install on Ubuntu 8.06 64bit. Everything ok until I have replaced the self signed certificate.
I have generated an CSR, go at GoDaddy and generate an certificate. I downloaded the certificate for Tomcat web server and followed the installation steps in ZCS. Then zmcontrol stop/start, then... problems:
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Done.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.

in zimbra log:

service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.Validat

And the CPU's stays in 80% usage and no webaccess.

I have reissued an self signed certificate from CLI:
1. Begin by generating a new Certificate Authority (CA).
zmcertmgr createca -new
2. Then generate a certificate signed by the CA that expires in 365 days.
zmcertmgr createcrt -new -days 365
3. Next deploy the certificate.
zmcertmgr deploycrt self
4. To finish, verify the certificate was deployed to all the services.
zmcertmgr viewdeployedcrt

Then I was able to log on back in the admin section. I have repeated again everything but stil the same issue.

What should I do? I need to use that certificate from a known CA.

Additional details:
- the hostname of the machine is the default and only domain in ZCS
- host file ok
- hostname is example.com and the csr/certificate is for *.example.com (can this be the issue?). The reason for that is I have an virtual host like webmail.example.com and I need the wildcard type of certificate.


Thanks,



Solved:

1. Download the certificates issued by GoDaddy for Tomcat webserver.
2. Create a new folder 'certs" in /opt/zimbra
3. chown -R zimbra:zimbra /opt/zimbra/certs
4. rename the certificate file to commercial.crt and gd_bundle.crt to commercial_ca.crt
5. cd /opt/zimbra/bin
6. run: ./zmcertmgr deploycrt comm /opt/zimbra/certs/commercial.crt /opt/zimbra/certs/commercial_ca.crt
7. restart zimbra (zmcontrol stop/start)

Got inspired from:
Zimbra 5.08 SSL Certificate Instalation
Last edited by georgelazar; 09-04-2009 at 12:34 PM..
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.