Thread: Can't install any SSL Certs

  1. #1

    Hello everyone.

    I purchased a server last year, and the fellow that set it up for me and was maintaining it decided to close up shop last summer and didn't tell anyone. I have Zimbra; it is installed on Mac OS X 10.4. I know that the server is 5.0, I think it is .10. I have a very limited understanding of sudo commands. I am getting the following message from the server cert manager when I try to install the new certs:

    Message: system failure: exception during auth {RemoteManager: mail.amcmedical.com->zimbra@mail.amcmedical.com:22} Error code: service.FAILURE Method: GetCSRRequest Details:soap:Receiver

    I did find a wiki; it was as close to the problem as I could find: Mail Queue Monitoring - Zimbra :: Wiki

    but my understanding of terminal commands is really hampering me. I have tried installing 6.0.3 on a backup copy of the server that I had made, but it doesn't seem to fix anything, and when I restart the server a couple of the services do start back up. I would be happy using self-signed ones if anyone could help. I do appreciate any help anyone can give me.

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    You need to follow the instructions in the wiki article; all the steps and commands you need are listed there.
    Regards


    Bill


  3. #3

    Originally posted by phoenix:
    You need to follow the instructions in the wiki article; all the steps and commands you need are listed there.

    I have already tried the information in that article. But as stated earlier, I have a very limited knowledge of terminal commands. The article doesn't really provide enough information. I have tried running most of the following with no results at all:

    Regenerating Keys

    To regenerate the ssh keys, on all hosts (as the zimbra user):

        zmsshkeygen

    To deploy the keys, on all hosts (as the zimbra user):

        zmupdateauthkeys

    Verifying sshd configuration

    The authentication method assumes that sshd on the mta is running on port 22, and that RSA Authentication is enabled. You can test the ssh command with:

        ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM

    (Swap MAIL.DOMAIN.COM for your hostname, as it appears in the error).

    You should NOT be prompted for a password; if you are, recreate the ssh keys and retry the test.

    If you're not running sshd on port 22, modify the zimbraRemoteManagementPort attribute on the server:

        zmprov ms MAIL.DOMAIN.COM zimbraRemoteManagementPort 2222

    Verify in /etc/sshd_config that the zimbra user is an allowed user:

        AllowUsers admin zimbra

    Note: applying this change resulted in not being able to ssh as root. Should we add root to the list of AllowUsers!

    /etc/hosts.allow

    The Zimbra hostname may be different than the system. Add the Zimbra hostname to /etc/hosts.allow.

        ALL: zimbra.domain.tld

    Another cause, Zimbra account has been disabled

    If the above steps do not work then enable verbose output for ssh with:

        ssh -vi .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM

    If the output from ssh indicates "Next authentication method: password" as below, then the Zimbra account may be locked.

        debug1: Next authentication method: publickey
        debug1: Offering public key: /opt/zimbra/.ssh/zimbra_identity
        debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
        debug1: Next authentication method: keyboard-interactive
        debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
        debug1: Next authentication method: password
        zimbra@MAIL.DOMAIN.COM's password:

    To verify this, as root check /etc/shadow. Locate the zimbra account. If the account has one or more ! in the line then the account is locked.

        zimbra:!!:13634:0:99999:7:::

    Use this command to unlock the zimbra account (or you can edit the shadow file directly and remove them).

        usermod -U zimbra

    Then check /etc/shadow again; there should be no ! for the zimbra account. You may need to do this multiple times to remove the ! and unlock the account.

    Once the account is unlocked, this command should work (it did for us!).

        ssh -i .ssh/zimbra_identity -o strictHostKeyChecking=no zimbra@MAIL.DOMAIN.COM

  4. #4
    and yes, I did replace mail.domain.com with the right information
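
The two checks in the wiki steps quoted above (the `!` lock markers in `/etc/shadow`, and `ssh -v` moving from the offered key to a password prompt) can be scripted as below. This is an added example, not part of the thread or of Zimbra; the function names are hypothetical, the fallback sample is built from the lines quoted in the post, and the success sample is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is
# taken from the lines quoted in the thread or constructed.

# Count the leading "!" lock markers in the password field of one
# /etc/shadow line (the wiki text notes there can be more than one).
shadow_lock_marks() {
    pw=$(printf '%s\n' "$1" | cut -d: -f2)
    stripped=$(printf '%s' "$pw" | sed 's/^!*//')
    echo $(( ${#pw} - ${#stripped} ))
}

# Read saved "ssh -v" output on stdin and classify the outcome.
ssh_auth_result() {
    log=$(cat)
    if printf '%s\n' "$log" | grep -q 'Authentication succeeded (publickey)'; then
        echo publickey-accepted
    elif printf '%s\n' "$log" | grep -q 'Offering public key' &&
         printf '%s\n' "$log" | grep -q 'Next authentication method: password'; then
        # The key was offered but the server moved on to password auth:
        # the symptom the wiki text describes.
        echo password-fallback
    else
        echo unknown
    fi
}

# Debug lines as quoted in the post.
SAMPLE_FALLBACK='debug1: Next authentication method: publickey
debug1: Offering public key: /opt/zimbra/.ssh/zimbra_identity
debug1: Authentications that can continue: publickey,gssapi-with-mic,password,keyboard-interactive
debug1: Next authentication method: password'

# Constructed sample of a successful key login.
SAMPLE_OK='debug1: Offering public key: /opt/zimbra/.ssh/zimbra_identity
debug1: Authentication succeeded (publickey).'

printf 'lock markers: %s\n' "$(shadow_lock_marks 'zimbra:!!:13634:0:99999:7:::')"
printf 'fallback log: %s\n' "$(printf '%s\n' "$SAMPLE_FALLBACK" | ssh_auth_result)"
printf 'success log:  %s\n' "$(printf '%s\n' "$SAMPLE_OK" | ssh_auth_result)"
```

To use it on a real host, save the verbose output of the test command from the post with `2> ssh-debug.txt` and run `ssh_auth_result < ssh-debug.txt`.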
