Zimbra

rnuno · #11 (**permalink**) 01-04-2010, 12:13 PM

Your suggesting some kind of DNS resolution problem?

Code:

[root@email /]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.10.37           email.system.com email

Where system.com is just a bogus name for not exposing our host in the forum
DNS and Host files if fine. Is there anyway that i can put the server back up without TLS?

Or do you think because we had a Godaddy cert i need to put teh Goddady cert to put the server back up?

Im running of time to solve this.. should i try to run upgrade for a 6.x version?

heres my system version:

Code:

[zimbra@email ~]$ zmcontrol -v


Release 5.0.21_GA_3151.RHEL4_20091211080331 CentOS4

*iway* · #12 (**permalink**) 01-04-2010, 12:34 PM

Yes, you should reinstall the certs to be sure. Seems like a problem.

rnuno · #13 (**permalink**) 01-04-2010, 12:37 PM

Checking teh update log i found this:

Code:

Mon Jan  4 17:12:22 2010 Setting up CA...
Mon Jan  4 17:12:22 2010 *** Running as root user: /opt/zimbra/openssl/bin/openssl verify -purpose sslserver -CAfile /opt/zimbra/conf/ca/ca.pem /opt/zimbra/conf/ca/ca.pem | egrep ^error 10
Mon Jan  4 17:12:22 2010 *** Running as root user: /opt/zimbra/bin/zmcertmgr createca
Mon Jan  4 17:12:22 2010 done.
Mon Jan  4 17:12:22 2010 Deploying CA to /opt/zimbra/conf/ca ...
Mon Jan  4 17:12:22 2010 *** Running as root user: /opt/zimbra/bin/zmcertmgr deployca -localonly
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Copying CA to /opt/zimbra/conf/ca...done.
Mon Jan  4 17:12:24 2010 done.
Mon Jan  4 17:12:24 2010 *** Running as root user: /opt/zimbra/bin/zmcertmgr verifycrt comm > /dev/null 2>&1
** Verifying /opt/zimbra/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/opt/zimbra/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /opt/zimbra/ssl/zimbra/commercial/commercial.crt: OK
Mon Jan  4 17:12:26 2010 Installing mailboxd SSL certificates...
Mon Jan  4 17:12:26 2010 *** Running as root user: /opt/zimbra/bin/zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

XXXXX ERROR: failed to create jetty.pkcs12
unable to load private key

Mon Jan  4 17:12:31 2010 failed.

It seams i already messed up the certs than maybe i should.

rnuno · #14 (**permalink**) 01-04-2010, 01:23 PM

I tried to run the Godaddy certs still the same problem

So Iv used the wiki article: Recreating a Self-Signed SSL

Code:

[root@email /]# /opt/zimbra/bin/zmcertmgr verifycrt self
** Verifying /opt/zimbra/ssl/zimbra/server/server.crt against /opt/zimbra/ssl/zimbra/server/server.key
Certificate (/opt/zimbra/ssl/zimbra/server/server.crt) and private key (/opt/zimbra/ssl/zimbra/server/server.key) match.
Valid Certificate: /opt/zimbra/ssl/zimbra/server/server.crt: OK
[root@email /]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt all
::service mta::
notBefore=Jan  4 21:15:22 2010 GMT
notAfter=Jan  4 21:15:22 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=email.moonlight.pt
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=email.moonlight.pt
SubjectAltName=
::service proxy::
notBefore=Jan  4 21:15:22 2010 GMT
notAfter=Jan  4 21:15:22 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=email.moonlight.pt
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=email.moonlight.pt
SubjectAltName=
::service mailboxd::
notBefore=Jan  4 21:15:22 2010 GMT
notAfter=Jan  4 21:15:22 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=email.moonlight.pt
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=email.moonlight.pt
SubjectAltName=
::service ldap::
notBefore=Jan  4 21:15:22 2010 GMT
notAfter=Jan  4 21:15:22 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=email.moonlight.pt
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=email.moonlight.pt
SubjectAltName=
[root@email /]#

And i cant put the server to work. According to the info above iv replaced all certs to a self signed on but i still get the same error what am i doing wrong?

Help! Please

Zimbra

Downloads

Product Information

Toolbox

Why Join?