Thread: Error saving config key zimbraSSLCertificate

  1. #1
    Join Date
    Mar 2009
    Location
    Memphis
    Posts
    30
    Rep Power
    8

    zcs 5.0.14 on ubuntu 8.04 with thawte certificate: can someone tell me what is attempting to happen during zmcertmgr deploycrt that gives this message:

    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.

    i'm working with rogle and we've been fighting the whole commercial ssl/tls issues for a couple days. none of the solutions we've found on here seems to work. most of the steps say all is ok, then we restart everything and we get the:
    network_biopair_interop: error writing 2108 bytes to the network: Broken pipe

    error. we've tried 15914 and 19702 and many other derivatives thereof! help!

  2. #2
    Join Date
    Oct 2006
    Posts
    55
    Rep Power
    10

    Is the ldap service running?

  3. #3
    Join Date
    Mar 2009
    Location
    Memphis
    Posts
    30
    Rep Power
    8

    Quote (originally posted by Ramadan Mansoura):
        Is the ldap service running?

    not at the moment. i figured i'd try deploying with zimbra stopped - should it be?

  4. #4
    Join Date
    Oct 2006
    Posts
    55
    Rep Power
    10

    ldap needs to be running as the cert needs to be saved in ldap.
    that's why you are seeing the error.

  5. #5
    Join Date
    Mar 2009
    Location
    Memphis
    Posts
    30
    Rep Power
    8

    zimbra@pfmail:~$ zmcontrol start
    Host pfmail.memphis.css.local
    Starting ldap...Done.
    FAILED
    Failed to start slapd. Attempting debug start to determine error.
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:647
    TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:356
    TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:358
    main: TLS init def ctx failed: -1

    great - now ldap won't start! is it obvious from this what's broke now?

  6. #6
    Join Date
    Oct 2006
    Posts
    55
    Rep Power
    10

    1) check the permissions on those two files:
    -rw-r--r-- 1 zimbra zimbra 1001 Mar 13 19:40 /opt/zimbra/conf/slapd.crt
    -rw-r--r-- 1 zimbra zimbra 887 Sep 21 2008 /opt/zimbra/conf/slapd.key

    2) is your private key encrypted or password protected?
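
Added example, not part of any post in this thread: a pre-flight check covering the two questions in post #6 and the slapd errors in post #5. It reports a missing file, a file with no PEM `-----BEGIN` line (what OpenSSL reports as "no start line"), a passphrase-protected key, and a world-readable key file; the function names are hypothetical and the sample call in the comment uses the paths shown in the thread.

```shell
#!/bin/sh
# Added example: pre-flight check for the PEM files slapd loads at startup.
# Typical call (paths as shown in the thread):
#   preflight /opt/zimbra/conf/slapd.crt /opt/zimbra/conf/slapd.key

# pem_status FILE -> prints one of:
#   missing | unreadable | no-start-line | encrypted-key | ok
pem_status() {
    f=$1
    [ -e "$f" ] || { echo missing; return 1; }      # fopen: No such file or directory
    [ -r "$f" ] || { echo unreadable; return 1; }
    # "PEM_read_bio: no start line" means no "-----BEGIN ...-----" line was found
    grep -q '^-----BEGIN [A-Z0-9 ]*-----' "$f" || { echo no-start-line; return 1; }
    # Passphrase-protected keys: PKCS#8 header or the traditional Proc-Type line
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo encrypted-key; return 1
    fi
    echo ok
}

# key_exposed FILE -> succeeds if FILE is readable by "other"
key_exposed() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# preflight CERT KEY -> prints one line per file, returns non-zero on any failure
preflight() {
    rc=0
    for p in "$1" "$2"; do
        s=$(pem_status "$p") || rc=1
        echo "$p: $s"
    done
    # A readable-by-everyone key does not stop slapd, so this is only a warning
    if [ -f "$2" ] && key_exposed "$2"; then
        echo "$2: warning: private key is world-readable"
    fi
    return $rc
}
```

A daemon that starts without a terminal cannot prompt for a passphrase, which is why `encrypted-key` is treated as a failure here.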

  7. #7
    Join Date
    Mar 2009
    Location
    Memphis
    Posts
    30
    Rep Power
    8

    zimbra@pfmail:~/conf$ ls -l slapd*
    -rw-r----- 1 zimbra zimbra 7562 Mar 26 17:22 slapd.conf
    -rw-r----- 1 zimbra zimbra 7575 Mar 26 13:51 slapd.conf.in
    -rw-r--r-- 1 zimbra zimbra 10827 Mar 26 15:39 slapd.crt
    -rw-r--r-- 1 zimbra zimbra 920 Mar 26 15:39 slapd.key

    perms look ok. my partner built the key this time, but i've not been prompted for one with all the verifying/deploying - i think that would've come up by now!
    any other suggestions?

    btw - thanks for your efforts in this! we may build from scratch tomorrow...

  8. #8
    Join Date
    Oct 2006
    Posts
    55
    Rep Power
    10

    So ldap service is running now? What happens if you deploy the cert at this point?

  9. #9
    Join Date
    Feb 2012
    Location
    Hong Kong
    Posts
    77
    Rep Power
    5

    Quote (originally posted by Ramadan Mansoura):
        So ldap service is running now? What happens if you deploy the cert at this point?

    Thank you for this answer, I was trying to renew a commercial certificate while the server was down and I was receiving the errors that the original poster mentioned, but everything else seemed to be ok.

    I started Zimbra and ran the deploy command again and everything worked as expected with no errors.

    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/2012ssl/commercial.crt /tmp/2012ssl/commercial_ca.crt
    Release 7.2.4_GA_2900.UBUNTU10_64 UBUNTU10_64 FOSS edition.
