Results 1 to 2 of 2

Thread: commercial cert fails

  1. #1
    Join Date
    Nov 2010
    Rep Power

    Default commercial cert fails

    Dear all,

    Although I am new to this forum and this is my new post, I read many posts and solutions as well as read the wiki on Installing a Thawte SSL Certificate on ZCS 5.0.x, but my installation of the Thawte SSL123 still fail, and the log shows multiple of " PKIX path building failed: xception: unable to find valid certification path to requested target)".

    The process of verification and installation of the cert shows no errors, but after stopping and restarting zmcontrol, the whole system is down. Below is the output of what I did.
    [root@f2 commercial]# /opt/zimbra/bin/zmcertmgr deploycrt comm commercial.crt all3.pem
    ** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
    Certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
    Valid Certificate: commercial.crt: OK
    ** Copying commercial.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    cp: `commercial.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial.crt' are the same file
    ** Appending ca chain all3.pem to /opt/zimbra/ssl/zimbra/commercial/commercial.crt
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    [root@f2 commercial]# su - zimbra
    [zimbra@f2 ~]$ zmcontrol stop
    Stopping stats...Done.
    Stopping mta...Done.
    Stopping spell...Done.
    Stopping snmp...Done.
    Stopping archiving...Done.
    Stopping antivirus...Done.
    Stopping antispam...Done.
    Stopping imapproxy...Done.
    Stopping memcached...Done.
    Stopping mailbox...Done.
    Stopping logger...Done.
    Stopping ldap...Done.
    [zimbra@f2 ~]$ zmcontrol start
    Starting ldap...Done.
    Unable to determine enabled services from ldap.
    Enabled services read from cache. Service list may be inaccurate.
    Starting logger...Failed.
    Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: PKIX path building failed: xception: unable to find valid certification path to requested target)
    zimbra logger service is not enabled! failed.

    Starting mailbox...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.
    [zimbra@f2 ~]$

    My Zimbra version is : Release 6.0.2_GA_1912.RHEL5_64_20091020161509 RHEL5_64 FOSS edition, and my OS is RHEL 5.5 64-bit.

    Any advice is greatly appreciated.


  2. #2
    Join Date
    Nov 2010
    Rep Power


    It looks like I missed some posts. I just did the whole process again as the wiki document says. This time, before restarting zmcontrol, I ran this command
    /opt/zimbra/java/bin/keytool -import -alias <some-new-alias-here> -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file ./my_new_commercial_cert.crt

    Then restarting zmcontrol brought the system up succesfully.

    Perhaps the wifi should add that command for Zimbra 6 ?


Similar Threads

  1. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 01:51 AM
  2. Failed Commercial Cert Migration
    By solarsail in forum Administrators
    Replies: 10
    Last Post: 04-23-2009, 01:03 AM
  3. Commercial Cert for Zimbra Web
    By mwyant in forum Installation
    Replies: 4
    Last Post: 07-17-2007, 10:22 AM
  4. Replies: 2
    Last Post: 03-25-2007, 09:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts