My original 365 day self-signed certificate recently expired on my Zimbra 5.0.9 server. I followed the Zimbra wiki instructions to create a new set of certs as follows. I got most of the way through the process and then it failed. Any ideas on resolving this problem?
1. zmcertmgr createca -new
2. zmcertmgr createcrt -new -days 365
3. zmcertmgr deploycrt self
Steps 1 and 2 completed successfully. Step 3 completed partially and then failed.
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.
XXXXX ERROR: failed to create jetty.pkcs12
unable to load private key
From what I can tell, the mta, ldap, and proxy certs were created successfully, but the mailboxd cert failed to install. Here's what I get when I try to view the mailboxd cert.
zmcertmgr viewdeployedcrt mailboxd
XXXXX ERROR: failed to export /opt/zimbra/mailboxd/etc/mailboxd.pem from keystore.
keytool error: java.lang.Exception: Alias <jetty> does not exist
unable to load certificate
20972:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:150:
notBefore=Aug 25 16:34:24 2007 GMT
notAfter=Aug 24 16:34:24 2009 GMT
Now my /opt/zimbra/mailboxd/etc/keystore file is only 32 bytes. Prior to this process it was 1339 bytes. I've been mucking around in the zmcertmgr bash script, but I'm not getting anywhere.
What just happened and what do I need to do to get my certs straightened out?