Results 1 to 6 of 6

Thread: ZCS-8.0.5 on Ubuntu 12.04 x64 install fails due to SSL crt fails to create

  1. #1
    jempson is offline Member
    Join Date
    Jun 2012
    Posts
    11
    Rep Power
    3

    Default ZCS-8.0.5 on Ubuntu 12.04 x64 install fails due to SSL crt fails to create

    I have been attempting to install ZCS 8.0.0 through ZCS 8.0.5 all morning on this one Ubuntu server. I know it has to be an issue with the server config, but I can't see to find the root cause. When the install reaches the point of creating the SSL certs it fails to save the zimbraSSLCertificate and the zimbraSSLPrivateKey:

    Code:
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Copying CA to /opt/zimbra/conf/ca...done.
    Fri Oct 18 10:27:22 2013 done.
    Fri Oct 18 10:27:22 2013 Creating SSL zimbra-store certificate...
    Fri Oct 18 10:27:22 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr createcrt -new
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20131018102723
    ** Generating a server csr for download self -new -keysize 1024 -digest sha1
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20131018102723
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    Fri Oct 18 10:28:31 2013 done.
    Fri Oct 18 10:28:31 2013 Creating new zimbra-ldap SSL certificate...
    Fri Oct 18 10:28:31 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr createcrt -new
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20131018102832
    ** Generating a server csr for download self -new -keysize 1024 -digest sha1
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20131018102832
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    Fri Oct 18 10:29:39 2013 done.
    Fri Oct 18 10:29:39 2013 Creating new zimbra-mta SSL certificate...
    Fri Oct 18 10:29:39 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr createcrt -new
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20131018102940
    ** Generating a server csr for download self -new -keysize 1024 -digest sha1
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20131018102940
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    Fri Oct 18 10:30:48 2013 done.
    Fri Oct 18 10:30:48 2013 Installing mailboxd SSL certificates...
    Fri Oct 18 10:30:48 2013 /opt/zimbra/mailboxd/etc/keystore didn't exist.
    Fri Oct 18 10:30:48 2013 -new was ne "".
    Fri Oct 18 10:30:48 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    Fri Oct 18 10:31:56 2013 done.
    Fri Oct 18 10:31:57 2013 Installing MTA SSL certificates...
    Fri Oct 18 10:31:57 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    Fri Oct 18 10:33:06 2013 done.
    Fri Oct 18 10:33:06 2013 Installing LDAP SSL certificate...
    Fri Oct 18 10:33:06 2013 *** Running as root user: /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    Fri Oct 18 10:34:15 2013 done.
    Fri Oct 18 10:34:15 2013 checking isEnabled zimbra-ldap
    Fri Oct 18 10:34:15 2013 zimbra-ldap is enabled
    Fri Oct 18 10:34:15 2013 Initializing ldap...
    Fri Oct 18 10:34:15 2013 *** Running as zimbra user: /opt/zimbra/libexec/zmldapinit
    IO::Socket::INET6: connect: Connection timed out at /opt/zimbra/libexec/zmldapinit line 137.
    Fri Oct 18 10:35:32 2013 failed. (28160)
    Fri Oct 18 10:35:32 2013
    
    ERROR
    
    Fri Oct 18 10:35:32 2013
    
    Configuration failed
    
    Fri Oct 18 10:35:32 2013 Please address the error and re-run /opt/zimbra/libexec/zmsetup.pl to
    Fri Oct 18 10:35:32 2013 complete the configuration.
    Fri Oct 18 10:35:32 2013
    Errors have been logged to /tmp/zmsetup.10182013-102124.log

    Please let me know what I should be looking for. I have attempted to create these certs manually. I have even ran the following command to allow untrusted certs.

    Code:
    /opt/zimbra/bin/zmlocalconfig -e ssl_allow_untrusted_certs=true
    I've change the /opt/zimbra/bin/zmcertmgr to my organization with no better results. I need to get this instance of ZCS up and running and am at my wits end.

    Any help would be appreciated.

    -Jared

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,583
    Rep Power
    57

    Default

    Why do you think this is a certificate error when it throws an error with an INET6 module?

    Is this a new install of ZCS on a clean Ubuntu server or are they both upgrades?

    Sent from my HTC Desire using Tapatalk
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    jempson is offline Member
    Join Date
    Jun 2012
    Posts
    11
    Rep Power
    3

    Default

    This is a new install on a freshly built Ubuntu 12.04 LTS server.

    Actually I saw the first error and assumed the last error, unable to connect to ldap, was based on the failure to create the LDAP SSLs. This would cause LDAP to not start. Or did I make to large of a leap in my logic?

    ---
    Also I am installing in ipv4 only mode. So I ignored the inet6 error knowing that the ssl certs are not installing. I will check my other servers install logs and see if I received the same ssl errors during install.

    ---
    Ok my previous build was on Ubuntu 10.04 and was too long ago to recover the logs. I have disabled ipv6 completely on my server and am attempting the install again. I will update when it completes or fails.

    Jared.
    Last edited by jempson; 10-18-2013 at 09:07 AM.

  4. #4
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    I routinely install zcs8 on ubuntu12 w/o issue. It sounds like there is a problem with your /etc/hosts file.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  5. #5
    jempson is offline Member
    Join Date
    Jun 2012
    Posts
    11
    Rep Power
    3

    Default

    Yes I just found that as well. The problem isn't with the /etc/hosts file. The problem is ZCS doesn't listen to the /etc/hosts file. No matter how I want my server configured it has to match what is in DNS. My problem is I don't run spit dns and didn't want my internal services communicating on the external interface. This seems to be a major limitation with in ZCS.

  6. #6
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,583
    Rep Power
    57

    Default

    You are required to run a Split DNS if you are behind a NAT router and your hosts file should match that configuration. It's a requirement of postfix that your ZCS server can be resolved by DNS, as mentioned in many forum threads and wiki article.

    Sent from my HTC Desire using Tapatalk
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Zimbra Ubuntu 10.04 LTS fails to install
    By heroin in forum Installation
    Replies: 2
    Last Post: 07-15-2011, 10:37 PM
  2. [SOLVED] ZDesktop Fails during on install on Ubuntu 9.04
    By harlanb in forum Installation Help
    Replies: 8
    Last Post: 09-09-2009, 03:29 PM
  3. Zimbra Desktop fails to install on Ubuntu 8.04
    By xbalanque in forum Installation Help
    Replies: 10
    Last Post: 08-26-2008, 08:36 AM
  4. installation fails on ubuntu 7.10
    By josevis in forum Installation
    Replies: 16
    Last Post: 11-22-2007, 03:44 PM
  5. ubuntu upgrade to 4.5.9 fails
    By jeepville in forum Installation
    Replies: 9
    Last Post: 11-01-2007, 10:44 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •