Results 1 to 8 of 8

Thread: [SOLVED] SSL Cert prob in 5.0RC1, need to recreate

  1. #1
    Join Date
    Sep 2006
    Posts
    15
    Rep Power
    9

    Exclamation [SOLVED] SSL Cert prob in 5.0RC1, need to recreate

    This is a call for help. My mailboxes are still functioning but my Calendars are not. When clicking on the calendar tab in any account i get:

    A network service error has occurred. msg - system failure: IOException code - service.FAILURE method - ZmCsfeCommand.prototype.invoke detail - soap:Receiver


    When I look in mailbox.log I see:

    Caused by: java.security.cert.CertificateException: Untrusted Server Certificate Chain

    It looks as though my self-signed cert is toast somehow and I need to recreate new ones. The old cert has expired anyway.

    I am running 5.0 RC1 and need help deleting and re-creating new certs. I have looked everywhere I could find for the instructions to do this with 5.0 RC1 and cannot locate any so if they exist and I missed them then I apologize in advance; just point me in the right direction. Also, does it sound like I have located the problem with the calendars or is this likely to be unrelated?

    This is a personal mail server but it is very important that I get it working again. My spouse is a grad student working on her PHD and as she puts it "my life is in there" so any help will be greatly appreciated. Thanks in advance!

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    The wiki and the forums have your answer.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Sep 2006
    Posts
    15
    Rep Power
    9

    Default

    Phoenix,

    I appreciate the reply, but the wiki article you pointed me to clearly states:

    WARNING - these instructions are valid only for 4.5x, not 5.0 (since it does not use tomcat)

    As you can see from my post, I am running 5.0 RC1 so those instructions do me no good. I need instructions for repairing certificate problems in 5.0, not 4.5.

    Any ideas?

    This is critical and I really need this to get fixed.

  4. #4
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Scroll down there will be sections like:
    For ZCS upto 4.5.x (tomcat)
    su - zimbra
    keytool -delete -alias tomcat -keystore /opt/zimbra/tomcat/conf/keystore -storepass zimbra
    For ZCS 5.0+ (mailboxd/jetty)

    su - zimbra
    keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass zimbra
    For Tomcat (ZCS upto 4.5.x)
    zmcertinstall mailbox /opt/zimbra/ssl/ssl/server/tomcat.crt
    zmcertinstall mta /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/ssl/ssl/server/server.key
    For Mailboxd (ZCS 5.0+)

    zmcertinstall mailbox /opt/zimbra/ssl/ssl/server/mailboxd.crt
    zmcertinstall mta /opt/zimbra/ssl/ssl/server/server.crt /opt/zimbra/ssl/ssl/server/server.key
    -ignore references to tomcat
    Last edited by mmorse; 11-11-2007 at 01:16 PM.

  5. #5
    Join Date
    Sep 2006
    Posts
    15
    Rep Power
    9

    Default

    So what is the full process for 5.0? It is very confusing since they are mixed in together. I cannot clearly see a full process for 5.0 only. There are sections that do not specify whether they are for 4.5 or 5.0. Does that mean they don't work in 5.0 or that they work the same in both versions? It is completely unclear and the last thing I need to do here is screw it up worse because of unclear instructions. Can someone help to clarify what the exact process would be for 5.0? Again, I am greatly thankful for any and all help.

  6. #6
    Join Date
    Sep 2006
    Posts
    15
    Rep Power
    9

    Default

    Well, I went for it. No guts no glory - and it worked! Thanks gents. However, I stand by my belief that the wiki docs need to be a bit more specific so we don't have to risk heart attack.

    Thanks again to all those who helped!

  7. #7
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    I agree, and as such (since I see no other self-signed ssl certs doc for 5.0) have already fixed that warning by changing it to something more descriptive/less harsh
    SSL Certificate Problems - Zimbra :: Wiki
    & I see you already marked the thread resolved - thanks!
    Last edited by mmorse; 11-11-2007 at 01:45 PM.

  8. #8
    dijichi2 is offline OpenSource Builder & Moderator
    Join Date
    Oct 2005
    Posts
    1,176
    Rep Power
    11

    Default

    i don't seem to have zmcreateca or zmcreatecert in my 5.0_rc2 install. Is this wrong, is this just another 'quirk' of the seemingly totally un-QAd Debian4 release?

Similar Threads

  1. [SOLVED] Tomcat ignoring new SSL cert?
    By gkra in forum Administrators
    Replies: 1
    Last Post: 09-07-2007, 10:44 AM
  2. Replies: 2
    Last Post: 03-25-2007, 09:40 PM
  3. IMAP/POP/SMTP SSL Cert warning
    By scottnelson in forum Administrators
    Replies: 8
    Last Post: 12-29-2006, 12:24 PM
  4. Multi Name SSL Cert Question
    By kirme3 in forum Administrators
    Replies: 1
    Last Post: 09-20-2006, 03:15 PM
  5. SSL Cert Problem using SOAP API
    By pbwebguy in forum Developers
    Replies: 1
    Last Post: 06-06-2006, 05:29 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •