Thread: Error saving config key zimbraSSLCertificate

  1. #1
    Join Date
    Mar 2009
    Location
    Memphis
    Posts
    30
    Rep Power
    6

    Error saving config key zimbraSSLCertificate

    zcs 5.0.14 on ubuntu 8.04 with thawte certificate: can someone tell me what is attempting to happen during zmcertmgr deploycrt that gives this message:

    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.

    i'm working with rogle and we've been fighting the whole commercial ssl/tls issues for a couple days. none of the solutions we've found on here seems to work. most of the steps say all is ok, then we restart everything and we get the:
    network_biopair_interop: error writing 2108 bytes to the network: Broken pipe

    error. we've tried 15914 and 19702 and many other derivatives thereof! help!

  2. #2
    Join Date
    Oct 2006
    Posts
    55
    Rep Power
    9

    Is the ldap service running?

  3. #3
    Join Date
    Mar 2009
    Location
    Memphis
    Posts
    30
    Rep Power
    6

    Originally posted by Ramadan Mansoura:
        Is the ldap service running?

    not at the moment. i figured i'd try deploying with zimbra stopped - should it be?

  4. #4
    Join Date
    Oct 2006
    Posts
    55
    Rep Power
    9

    ldap needs to be running as the cert needs to be saved in ldap.
    that's why you are seeing the error.

  5. #5
    Join Date
    Mar 2009
    Location
    Memphis
    Posts
    30
    Rep Power
    6

    zimbra@pfmail:~$ zmcontrol start
    Host pfmail.memphis.css.local
    Starting ldap...Done.
    FAILED
    Failed to start slapd. Attempting debug start to determine error.
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
    TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
    main: TLS init def ctx failed: -1

    great - now ldap won't start! is it obvious from this what's broke now?

  6. #6
    Join Date
    Oct 2006
    Posts
    55
    Rep Power
    9

    1) check the permissions on those two files:
    -rw-r--r-- 1 zimbra zimbra 1001 Mar 13 19:40 /opt/zimbra/conf/slapd.crt
    -rw-r--r-- 1 zimbra zimbra 887 Sep 21 2008 /opt/zimbra/conf/slapd.key

    2) is your private key encrypted or password protected?
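
The checks from post #6, tied to the OpenSSL errors in post #5, as an added example that is not part of the thread or of Zimbra's own tooling: a shell function that reports why a PEM file would fail to load. The status words, the constructed sample files and the world-readable-key check are assumptions of this example; on the server it would be run against /opt/zimbra/conf/slapd.crt and /opt/zimbra/conf/slapd.key.

```shell
#!/bin/sh
# check_pem FILE KIND   (KIND: cert | key)
# Prints one status word; returns 0 only for "ok".
check_pem() {
    f=$1; kind=$2
    # Path configured but absent -> "fopen:No such file or directory".
    [ -e "$f" ] || { echo missing; return 1; }
    [ -r "$f" ] || { echo unreadable; return 1; }
    # No "-----BEGIN" line (empty, DER-encoded or truncated file)
    # -> "PEM_read_bio:no start line".
    grep -q '^-----BEGIN ' "$f" || { echo no-start-line; return 1; }
    if [ "$kind" = key ]; then
        # A daemon cannot answer a passphrase prompt at startup.
        if grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$f"
        then echo encrypted-key; return 1; fi
        grep -q '^-----BEGIN .*PRIVATE KEY-----' "$f" || { echo not-a-key; return 1; }
        # Hardening check added by this example: key readable by "other".
        [ -z "$(find "$f" -perm -004)" ] || { echo world-readable-key; return 1; }
    else
        grep -q '^-----BEGIN .*CERTIFICATE-----' "$f" || { echo not-a-cert; return 1; }
    fi
    echo ok
}

# Constructed sample files (placeholder bodies, not real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/slapd.crt"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$d/enc.key"
    : > "$d/empty.crt"
    for t in "slapd.crt cert" "enc.key key" "empty.crt cert" "absent.key key"; do
        set -- $t
        printf '%-12s %s\n' "$1" "$(check_pem "$d/$1" "$2")"
    done
    rm -rf "$d"
}
demo
```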

  7. #7
    Join Date
    Mar 2009
    Location
    Memphis
    Posts
    30
    Rep Power
    6

    zimbra@pfmail:~/conf$ ls -l slapd*
    -rw-r----- 1 zimbra zimbra 7562 Mar 26 17:22 slapd.conf
    -rw-r----- 1 zimbra zimbra 7575 Mar 26 13:51 slapd.conf.in
    -rw-r--r-- 1 zimbra zimbra 10827 Mar 26 15:39 slapd.crt
    -rw-r--r-- 1 zimbra zimbra 920 Mar 26 15:39 slapd.key

    perms look ok. my partner built the key this time, but i've not been prompted for one with all the verifying/deploying - i think that would've come up by now!
    any other suggestions?

    btw - thanks for your efforts in this! we may build from scratch tomorrow...

  8. #8
    Join Date
    Oct 2006
    Posts
    55
    Rep Power
    9

    So ldap service is running now? What happens if you deploy the cert at this point?

  9. #9
    Join Date
    Feb 2012
    Location
    Hong Kong
    Posts
    77
    Rep Power
    3

    Originally posted by Ramadan Mansoura:
        So ldap service is running now? What happens if you deploy the cert at this point?

    Thank you for this answer, I was trying to renew a commercial certificate while the server was down and I was receiving the errors that the original poster mentioned, but everything else seemed to be ok.

    I started Zimbra and ran the deploy command again and everything worked as expected with no errors.

    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/2012ssl/commercial.crt /tmp/2012ssl/commercial_ca.crt
    Release 7.2.4_GA_2900.UBUNTU10_64 UBUNTU10_64 FOSS edition.
