Results 1 to 3 of 3

Thread: Commercial Certificates for slapd

  1. #1
    Join Date
    Sep 2007
    Posts
    6
    Rep Power
    8

    Default Commercial Certificates for slapd

    Hi,

    I follow the wiki page about commercial certificates. I successfully registered a cacert certificate in jetty and the SSL pages is already OK.

    Now, I tried to execute the 1.3, about the certificates in slapd, smtpd and perdition. My zimbra does not start anymore.

    Code:
    Host SOME.HOST.COM <- I changed this
            Starting ldap...Done.
    FAILED
    Failed to start slapd.  Attempting debug start to determine error.
    TLS: error:0200100D:system library:fopen:Permission denied bss_file.c:122
    TLS: error:2006D002:BIO routines:BIO_new_file:system lib bss_file.c:127
    TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:274
    main: TLS init def ctx failed: -1
    I did all steps correctly, but I don't understand the part about intermediate certificates. CACert, has one root and one intermediate. So, this line cat exported-pem.crt ca_int1.crt ca_int2.crt >> my.crt in wiki, I just type exported-pem.crt and the intermediate certficate of cacert. I tried this with none, intermediate and intermediate+root from cacert. None of them works as expected.

    What can I do?

    Code:
    zimbra@zimbra:~$ /opt/zimbra/openldap/libexec/slapd -l LOCAL0 -4 -u zimbra -h ldap://zimbra.corp.predicta.com.br:389 -f /opt/zimbra/conf/slapd.conf -d 65535
    @(#) $OpenLDAP: slapd 2.3.37 (Jul 24 2007 15:06:35) $
            root@build-ubuntu:/home/build/p4/main/ThirdParty/openldap/openldap-2.3.37.7/servers/slapd
    daemon_init: ldap://zimbra.corp.predicta.com.br:389
    daemon_init: listen on ldap://zimbra.corp.predicta.com.br:389
    daemon_init: 1 listeners to open...
    ldap_url_parse_ext(ldap://zimbra.corp.predicta.com.br:389)
    daemon: bind(7) failed errno=13 (Permission denied)
    slap_open_listener: failed on ldap://zimbra.corp.predicta.com.br:389
    slapd stopped.
    connections_destroy: nothing to destroy.

  2. #2
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Run the zmfixperms script located in the /opt/zimbra/libexec
    Let's see if that fixes it.

  3. #3
    Join Date
    Sep 2005
    Location
    Ocala, FL, USA
    Posts
    29
    Rep Power
    10

    Default SSL Certificate Issue

    I am having a similar issue with a certificate just installed. As above I followed the wiki page completely, but when I run zmcontrol start I get the following:

    Code:
     zmcontrol start
    Host mail.promedicalinc.com
            Starting ldap...Done.
    FAILED
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:632
    TLS: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib ssl_rsa.c:534
    main: TLS init def ctx failed: -1
    ERROR - failed to start slapd

    As suggested I am running zmfixperms now. Was there another resolution?

Similar Threads

  1. [SOLVED] Installing existing SSL certificates (solved)
    By inigoml in forum Administrators
    Replies: 22
    Last Post: 02-24-2009, 09:32 AM
  2. Commercial SSL Certificates and IMAP/POP
    By manthrax3 in forum Administrators
    Replies: 8
    Last Post: 10-27-2007, 04:43 PM
  3. Replies: 2
    Last Post: 07-01-2007, 11:13 AM
  4. Commercial wildcard certificates
    By nvalentine in forum Administrators
    Replies: 3
    Last Post: 04-23-2007, 04:04 AM
  5. Replies: 2
    Last Post: 09-11-2006, 01:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •