I'm still having problems with my commercial (_not_ expired!) certificate and LDAP since updating from 4.5.x to 5.0.
After every update I had to change "start_tls" from "yes" to "no" in every ldap-*.cf file in order to be able to send and receive mails. After the update to 5.0.6 this no longer worked, as the changes made to these files are constantly overwritten. I read in the Release Notes that I had to proceed the following way:
/opt/zimbra/bin/zmlocalconfig -f -e ldap_starttls_supported='0'
This works indeed, but I'm not happy with that solution because there still seems to be a certificate related problem. I think that I should completely remove my commercial certificate and maybe all remaining parts of self-signed certificates that might be left on the system in order to cleanly reinstall the commercial certificate. Can someone point out all the steps required to completely remove all the certificates (keystore, ldap, files, directories). I found several locations in different forum posts, but I don't like to experiment as it is a productive server.