Hi, Zimbra 6.0.7 OSE 64 bit debian 5.
I need to do it from a script, so I can't use ZWC (where it works flawlessy).
I've been followed these instructions:
Administration Console and CLI Certificate Tools - Zimbra :: Wiki
but I got 2 errors when deploying the CA and then zimbra becomes severe broken. Is not a problem since is a test environment in a VM, but I have to find a reliable solution for "the real stuff".
I've googled for many hours, and found a pair of semi-functional solutions to the problem, but no idea about how to create the certificate from CLI without these troubles at all (I repeat, if done from ZWC works fine, but I need to do from script).
Note the 2 "failed" lines at the end:
** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
and then I got a tons of "(system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)" in the logs.

The sequence I've used, that seem to be the same of the wiki, is this one (yes, 3650 days=10years, but I have the same problems with just 365):
mxz:~# /opt/zimbra/bin/zmcertmgr createca -new
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
mxz:~# /opt/zimbra/bin/zmcertmgr createcrt -new -days 3650
Validation days: 3650
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100822174536
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20100822174536
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
mxz:~# /opt/zimbra/bin/zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate...done.
** Saving server config key zimbraSSLPrivateKey...done.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
mxz:~# /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
** Copying CA to /opt/zimbra/conf/ca...done.
mxz:~#

Where am I (or the wiki) wrong?
Thanks a lot!