Results 1 to 4 of 4

Thread: [SOLVED] Transfer SSL certificates between servers

Hybrid View

  1. #1
    Join Date
    Sep 2008
    Location
    Stockholm, Sweden
    Posts
    55
    Rep Power
    7

    Question [SOLVED] Transfer SSL certificates between servers

    I was following this guide Transfer SSL certificates between servers - Zimbra :: Wiki on how to transfer certificate between servers.
    Am transferring from 5.0.2x to 6.0.4.


    After running this command ./zmcertmgr deploycrt comm, I get this:
    Code:
    root@mail:/opt/zimbra/bin# ./zmcertmgr deploycrt comm /sslbk/zimbra/commercial/commercial.crt //sslbk/ssl/zimbra/commercial/commercial_ca.crt 
    ** Verifying /sslbk/ssl/zimbra/commercial/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (/sslbk/ssl/zimbra/commercial/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: /sslbk/ssl/zimbra/commercial/commercial.crt: OK
    ** Copying /sslbk/ssl/zimbra/commercial/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Appending ca chain //sslbk/ssl/zimbra/commercial/commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    After this, I ran the command zmcontrol start and got this:
    Code:
    zimbra@mail:~$ zmcontrol start
    Host mail.nhagman.info
    	Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    	Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
    zimbra logger service is not enabled!  failed.
    
    
    	Starting mailbox...Done.
    	Starting antispam...Done.
    	Starting antivirus...Done.
    	Starting snmp...Done.
    	Starting spell...Done.
    	Starting mta...Done.
    	Starting stats...Done.
    I also restarted my machine and run the command zmcontrol status and got this:
    Code:
    zimbra@mail:~$ zmcontrol status
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Host mail.nhagman.info
    	antispam                Running
    	antivirus               Running
    	ldap                    Running
    	logger                  Stopped
    		zmlogswatchctl is not running
    	mailbox                 Stopped
    		zmmailboxdctl is not running.
    	mta                     Running
    	snmp                    Running
    	spell                   Running
    	stats                   Running
    Please advice.

  2. #2
    Join Date
    Sep 2008
    Location
    Stockholm, Sweden
    Posts
    55
    Rep Power
    7

    Thumbs up

    After running this code, it started to work.
    Code:
    /opt/zimbra/java/bin/keytool -import -alias new -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /sslbk/zimbra/commercial/commercial.crt
    I got the solution from another thread. Can someone please explain -storepass changeit, because I did not change it..
    Anyway, the wiki guide is probably incorrect for zimbra 6.0.x.

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by Blinkiz View Post
    Can someone please explain -storepass changeit, because I did not change it...
    keytool "-storepass changeit " manpage - Google Search
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by Blinkiz View Post
    phoenix, try to be polite for ones and try to help out without pressing the asking person down..
    Zimbra forum should be a nice collection of help topics about anything related to Zimbra. Giving me a link to google saying "learn tomcat", is not the way.
    I don't really understand what you're talking about I never mentioned 'learn tomcat'.

    You asked for an explanation of what 'changeit' was, did the second item in the search not answer your question? If providing you with the answer isn't polite enough for you then I'll leave you to find it yourself in future.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Similar Threads

  1. [SOLVED] Installing existing SSL certificates (solved)
    By inigoml in forum Administrators
    Replies: 22
    Last Post: 02-24-2009, 09:32 AM
  2. Replies: 0
    Last Post: 01-15-2008, 12:33 PM
  3. Replies: 0
    Last Post: 10-30-2007, 03:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •