I was using a self cert and was trying to install a new certificate from CAroot. I was following the instruction in wiki and ain't sure which step I did wrong. So, I tried re-gen a self cert again and found saving SSL Key failed. In fact, I found zmprov fail to work altogether.
[root@mailserv ~]# /opt/zimbra/bin/zmcertmgr createcrt self -new
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100107170839
** Retrieving server config key zimbraSSLCertificate...failed.
** Retrieving server config key zimbraSSLPrivateKey...failed.
** Generating a server csr for download self -keysize 1024
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100107170845
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Saving server config key zimbraSSLPrivateKey...failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
[zimbra@mailserv ~]$ zmprov -l gcf zimbraCertAuthorityKeySelfSigned
ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
Now, I think I am in deep trouble. The zimbra server is still running fine but I am so afraid if I have to reboot at some point and found everything is gone. Can someone please help to point out how to fix the zmprove failure?
Thank you very much.