Hi there,

i'm running Release 6.0.7_GA_2473 on a Debian Testing.
I tried to install a commerial startcom ssl cert as described in the zimbra wiki and here. Everything went fine until i tried to deploy the cert:
Code:
server:~# /opt/zimbra/bin/zmcertmgr deploycrt comm /root/.ssl/commercial.crt /root/.ssl/commercial_ca.pem
** Verifying /root/.ssl/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/root/.ssl/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
Valid Certificate: /root/.ssl/commercial.crt: OK
** Copying /root/.ssl/commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Appending ca chain /root/.ssl/commercial_ca.pem to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done.
** NOTE: mailboxd must be restarted in order to use the imported certificate.
** Saving server config key zimbraSSLCertificate.../opt/zimbra/bin/zmcertmgr: Zeile 210: /bin/su: Die Argumentliste ist zu lang
failed.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

XXXXX ERROR: failed to create jetty.pkcs12
No certificate matches private key
Apparently, the bash script zmcertmgr tries to pass the ca-bunde (this one) as a string over the command line:

Code:
local content=`cat ${file}`
...
echo -n "** Saving $location config key $key..."
su - zimbra -c "${zimbra_home}/bin/zmprov -m -l -- ${zmprov_opts} ${key} \"$content\" 2> /dev/null"
The bundles filesize is 132903 bytes, probably hitting some limit for command line argument length in my kernel:
Code:
uname -r
2.6.28.7

getconf ARG_MAX
2097152

cat /usr/src/linux/include/linux/binfmts.h | grep MAX_ARG_STRLEN
#define MAX_ARG_STRLEN (PAGE_SIZE * 32)

getconf PAGE_SIZE
4096
Reffering to this article
And as additional limit, one argument must not be longer than MAX_ARG_STRLEN (131072).
i guess that the maximum length for that particular argument is slightly exceed, even though the ARG_MAX is big enough.

I'd be happy to get some feedback on that.

Thanks, Hawkeye.