Results 1 to 5 of 5

Thread: [SOLVED] 6.0.1OSE error regenerting self-signed certs

  1. #1
    Join Date
    Nov 2008
    Posts
    28
    Rep Power
    6

    Default [SOLVED] 6.0.1OSE error regenerting self-signed certs

    6.0.1 OSE

    My self-signed certificates will expire this week. As per the 6.0.2 release notes (page 24) I tried to regenerate them but got an error. Any suggestions?

    Code:
    root@zimbra:~/bin# zmcertmgr createca -new 
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
    root@zimbra:~/bin# zmcertmgr deployca
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
    ** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
    ** Copying CA to /opt/zimbra/conf/ca...done.

  2. #2
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    If you can log into the admin console interface have you tried regenerating the certificates there?

  3. #3
    Join Date
    Nov 2008
    Posts
    28
    Rep Power
    6

    Default

    No, I cannot generate them from the admin console at this point. I get a server error, nad the error is too large for the Detail box (zmcertmgr failed)

  4. #4
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Are there any relevant lines in /var/log/zimbra.log or /opt/zimbra/log/mailbox.log?

  5. #5
    Join Date
    Nov 2008
    Posts
    28
    Rep Power
    6

    Default

    Nothing I saw. However it's working now.

    I tried it again from the command line, this time with Zimbra running, and got not errors. But, no new cert on reboot. However, the GUI ran, wand after that & a reboot I did have updated certs. So all is well now.

    The "upgrading" guide might be changed to emphasize the GUI as the preferred way to regenerate certs.

    Thanks!

Similar Threads

  1. ZCS NE self signed certs: ca cert invalid for windows?
    By k3rmit in forum Administrators
    Replies: 5
    Last Post: 01-16-2010, 11:43 PM
  2. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 01:51 AM
  3. Replies: 1
    Last Post: 10-11-2009, 11:28 PM
  4. Commercial Certs for Multi-Server Install
    By jterhune in forum Administrators
    Replies: 5
    Last Post: 09-08-2009, 02:21 PM
  5. Addition self signed certs
    By 3RiversTechAdmin in forum Administrators
    Replies: 0
    Last Post: 11-17-2006, 11:50 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •