Thread: GoDaddy SSL broke my keystore

  1. #1
    Join Date
    Dec 2007
    Location
    Portland, OR
    Posts
    61
    Rep Power
    7

    GoDaddy SSL broke my keystore

    Ok, so for the second time I tried installing my GoDaddy commercial SSL certificate following the lovely directions that are out on the Internet and for the second time it hosed my SSL and I cannot start Zimbra. This is what I am getting -

    Failed to start slapd. Attempting debug start to determine error.
    TLS: error:140A80BE:SSL routines:SSL_CTX_check_private_key:no private key assigned ssl_lib.c:802
    main: TLS init def ctx failed: -1

    I am not very impressed with the level of directions available out there - it simply says "use the GUI to install the certificate" but with the intermediary, cross intermediary, etc., it's very confusing and obviously I'm not the only one with issues. I gave it my cert where asked, the root bundle and the intermediate one. Was I supposed to do this differently? The entire server is down now.

    Ubuntu 6.06 LTS, 5.0.1 GA, 3 GB RAM

    Thanks all,

    Ryan

  2. #2
    Join Date
    Dec 2007
    Location
    Portland, OR
    Posts
    61
    Rep Power
    7

    Anyone?

    Server still down, I'm about ready to scream. Nobody seems to want to answer and all of my attempts to restore from the previous self-signed cert have failed. I'm about ready to give up on Zimbra altogether, this is far too complicated for a simple SSL certificate. Far far too many variables involved and no simple process to do it.

  3. #3
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    What "lovely directions" did you follow?

  4. #4
    Join Date
    Dec 2007
    Location
    Portland, OR
    Posts
    61
    Rep Power
    7

    Well I finally got the server running again by generating a new self-signed certificate and I'm scared to death of trying a commercial one again.

    First I tried using this page
    Commercial Certificates - Zimbra :: Wiki
    Then I tried
    How to manually install your commercial certificate in 5.x - Zimbra :: Wiki

    I especially like this line -
    Upload the certificate files via the admin console>certificates.

    Well, without more specific instructions it's apparently extremely easy to F everything up from that GUI. Now I'll need to re-generate the codes to send to GoDaddy for a second time before I try again, but I'm wondering if it's even worth doing at this point. I'll probably end up messing it up again.

    Far too many variables and differences between versions, nothing is clear and concise that I can find.

    The files I have from GoDaddy are -

    gd_bundle.crt
    gd_cross_intermediate.crt
    gd_intermediate.crt
    smtp.myservername.net.crt

    Which file goes where in the GUI is the big question. From what I have gathered, all I have to do in 5.0.1 is upload the files in the GUI, restart Tomcat and voila, but alas that's not the case.
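
Added example (not part of the thread and not Zimbra's own tooling): the function named in the error in post #1, SSL_CTX_check_private_key, is OpenSSL's check that a loaded certificate and private key belong together. The script below runs the equivalent check, plus a chain check against a CA bundle such as gd_bundle.crt, before anything is uploaded. The function names and every path passed in are assumptions supplied by the operator.

```shell
#!/bin/sh
# Added example: pre-install checks for a commercial certificate.
# All paths are arguments chosen by the operator; none are Zimbra's own locations.

# cert_matches_key KEY CERT
# Returns 0 if CERT carries the public half of KEY, 1 if it does not,
# 2 if either file cannot be parsed (for example a passphrase-protected key).
cert_matches_key() {
    # -passin pass: keeps openssl from prompting when the key is encrypted
    key_pub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# cert_chains_to BUNDLE CERT
# Returns 0 if CERT verifies against the CA certificates in BUNDLE.
# The output is checked as well as the pipeline status, because very old
# openssl releases exit 0 even when verification fails.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# preflight KEY CERT BUNDLE
# Runs both checks and reports the first one that fails.
preflight() {
    cert_matches_key "$1" "$2" || {
        echo "FAIL: $2 was not issued for the key in $1" >&2
        return 1
    }
    cert_chains_to "$3" "$2" || {
        echo "FAIL: $2 does not verify against $3" >&2
        return 1
    }
    echo "OK: key, certificate and CA bundle are consistent"
}

# Run directly as: sh preflight.sh server.key server.crt ca_bundle.crt
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

A mismatch here usually means the certificate was issued for an earlier CSR, so the key that generated that CSR is the one the server needs.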

  5. #5
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    While you're back up and running with your self-signed certs, you may wish to upgrade to 5.0.5, as there have been several certificate related enhancements & fixes since 5.0.1.

  6. #6
    Join Date
    Dec 2007
    Location
    Portland, OR
    Posts
    61
    Rep Power
    7

    Hmm, that sounds like a good idea.

  7. #7
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Have to say it because based on threads this looks like it will be your first upgrade:
    Always, always make a backup before upgrading
    http://www.zimbra.com/forums/announc...-released.html

  8. #8
    Join Date
    Dec 2007
    Location
    Portland, OR
    Posts
    61
    Rep Power
    7

    Now I'm wishing I had installed the mail server into a VMWare container because our new server is a VMWare server with power to spare and if I had that, I could have just backed up the single file and been done with it :-/

    How hard would it be to install 5.0.5 fresh in a VMWare container and move the data over to it? :-P

  9. #9
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    I'll gather you're FOSS (else you would have opened a support ticket earlier) but http://www.zimbra.com/forums/announc...html#post62754

    I see you're ~50 users, so a quick backup method A_Simple_Shell_Script_Method - Open Source Edition Backup Procedure - Zimbra :: Wiki

    Quick example:
    su - zimbra
    zmcontrol stop
    exit                    # switch back to root
    ps aux | grep zimbra
    kill -9 <pid>           # for any zimbra processes still running
    mkdir /backup
    rsync -avHK /opt/zimbra/ /backup/zimbra

    If you end up needing to regenerate stuff from GoDaddy, if they complain that you've already gotten these recently/can only do it x times in x days, their support can override this.

  10. #10
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Originally posted by ryandball:
    How hard would it be to install 5.0.5 fresh in a VMWare container and move the data over to it? :-P
    Easier to use the exact same zcs version (so 5.0.1) and follow /blog/archives/2007/10/moving_zcs_to_another_server.html
    So you have to decide if you want to throw this into a vm now before upgrade (using 5.0.1) or after upgrade (using 5.0.5).

    Else between versions you'd have to do imapsync, REST & curl exports/imports, other db methods etc: User Migration - Zimbra :: Wiki

    Under construction:
    Bug 19630 - Migration Tool zimbra to zimbra
    Bug 11423 - disaster recovery through server to server sync (beta)
