Results 1 to 5 of 5

Thread: [SOLVED] unable to load certificate - when creating new self signed cert

Hybrid View

  1. #1
    Join Date
    May 2007
    Location
    Canada
    Posts
    21
    Rep Power
    8

    Default [SOLVED] unable to load certificate - when creating new self signed cert

    After moving to a new Server (Ubuntu 6.06 32 -> 10.04 64), the logger service is not working correctly. In the Admin GUI Server status shows:
    Server status data is not available. To see the server status, loggers service must be installed.
    Running zmcontrol -status shows everything is working correctly. The mail server has been functioning without any problems, except for the stats and status not working.

    I suspected this may have something to do with the self signed cert we had to create during the move(in hindsight I think it might have complained of something in the process). So I decided to recreate the cert, and noticed that I am getting two errors.

    On step 3 from Administration Console and CLI Certificate Tools - Zimbra :: Wiki, I get the following:

    Code:
    root@u10-04-zimbra:/opt/zimbra/bin# ./zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...unable to load certificate
    26819:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE
    done.
    And on step 4:
    Code:
    root@u10-04-zimbra:/opt/zimbra/bin# ./zmcertmgr deployca
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Saving global config key zimbraCertAuthorityCertSelfSigned...done.
    ** Saving global config key zimbraCertAuthorityKeySelfSigned...done.
    ** Copying CA to /opt/zimbra/conf/ca...done.
    unable to load certificate
    27225:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE
    I have moved mailboxd/etc/keystore out of the way and tried this, with the same results.

    So far I have been unable to locate an existing solution in the forums.
    Release 7.2.5_GA_2906.UBUNTU10_64 UBUNTU10_64 FOSS edition

  2. #2
    Join Date
    Feb 2010
    Location
    Netherlands
    Posts
    11
    Rep Power
    5

    Default

    Well, I have got the same error. After i did ./install.sh -u and lost all my emails.... I found out, that its not an zimbra issue, but an open-ssh issue.
    I have reinstalled ssh and openssh-server and the problem was solved.

    I think, the error was caused by the validity of the ssh certificate.

  3. #3
    Join Date
    May 2007
    Location
    Canada
    Posts
    21
    Rep Power
    8

    Default

    I finally had a chance to try your solution tonight, but no success so far.

    Did you just remove and the install openssh-server and ssh, or did you completely purge them. Did you have to re-install zimbra or do the certs again after?
    Release 7.2.5_GA_2906.UBUNTU10_64 UBUNTU10_64 FOSS edition

  4. #4
    Join Date
    Feb 2010
    Location
    Netherlands
    Posts
    11
    Rep Power
    5

    Default

    Quote Originally Posted by mbert View Post
    I finally had a chance to try your solution tonight, but no success so far.

    Did you just remove and the install openssh-server and ssh, or did you completely purge them. Did you have to re-install zimbra or do the certs again after?
    I did reinstall Zimbra as well.

  5. #5
    Join Date
    May 2007
    Location
    Canada
    Posts
    21
    Rep Power
    8

    Default

    Well, after having no luck. I migrated everything over to a new server running 10.04.2 LTS, ZCS 6.0.10. Still wasn't working, so I re-installed openssh-server and then upgraded to ZCS 7.0.0 and voila, certs are working again.

    But I am still having a problem that the server status is data is not available, so it must not be related to the ssl certs. I'll post a new thread for that one.
    Release 7.2.5_GA_2906.UBUNTU10_64 UBUNTU10_64 FOSS edition

Similar Threads

  1. Replies: 2
    Last Post: 01-04-2011, 07:43 PM
  2. Upgrade Self Signed Cert to Commercial Cert (godaddy)
    By lareck in forum Administrators
    Replies: 1
    Last Post: 01-04-2010, 02:51 AM
  3. 4.0.4 to 4.5.6 upgrade failed in network edition
    By chenthil in forum Administrators
    Replies: 1
    Last Post: 08-27-2007, 10:36 AM
  4. [SOLVED] Simple backup question...
    By dameron in forum Administrators
    Replies: 3
    Last Post: 08-25-2007, 10:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •