
Thread: Renewing certificate failed zimbra 6

  1. #11
    Join Date
    Apr 2010
    Location
    Cape Town, South Africa
    Posts
    71
    Rep Power
    5

    Default

    Hey there,

    Sorry for the delay in response, but I had to run off yesterday... Perhaps you could check whether you are allowing self-signed certs:

    zmlocalconfig -s ssl_allow_untrusted_certs
    If that returns false, please run:
    zmlocalconfig -e ssl_allow_untrusted_certs=true

    If that doesn't allow you to recreate the cert, have you tried running a local upgrade (to the same version)? I've found in the past that upgrading to the same version can often recover from unforeseen/odd issues.

    Please let me know if this resolves the issue.

    Regards.

  2. #12
    Join Date
    Nov 2011
    Posts
    6
    Rep Power
    4

    Default

    Hi GWilliams,

    Thanks for the reply again,

    Editing the zmlocalconfig file didn't work out for me either!


    [zimbra@mail ~]$ zmlocalconfig -s ssl_allow_untrusted_certs
    ssl_allow_untrusted_certs = false
    [zimbra@mail ~]$ zmlocalconfig -e ssl_allow_untrusted_certs=true
    [zimbra@mail ~]$ zmlocalconfig -s ssl_allow_untrusted_certs
    ssl_allow_untrusted_certs = true
    [zimbra@mail ~]$

    When I tried to renew the certificates it failed again, and the results are the same as earlier.

    I don't understand what you mean by "running a local upgrade".
    I have the following questions:

    1. Do I have to download a new upgrade patch for this, or can I just use the same installer which I used to install Zimbra?
    2. Please let me know the steps to do a local upgrade!
    3. Do I have to back up any files before doing this (such as resolv.conf, hostfile, mail folder backup, etc.)?

    Thank you!! Any help?

  3. #13
    Join Date
    Apr 2010
    Location
    Cape Town, South Africa
    Posts
    71
    Rep Power
    5

    Default

    Hi buddhikeg,

    What I meant is simply running the install of exactly the same version again. This will prompt you to upgrade your current installation, which is very easy and quite quick as well. I normally do it as follows:

    cd /tmp
    tar zxvf </install/location/zcs.tar.gz>
    cd <zcs_version>
    ./install.sh

    That will prompt you whether you want to upgrade your existing installation from your current version to the same version.

    Hope this helps.

  4. #14
    Join Date
    Jul 2009
    Posts
    23
    Rep Power
    6

    Default

    I found a rather crude way around the issue which you can try at your own risk.

    su zimbra
    zmlocalconfig -e ssl_allow_untrusted_certs=true

    And then you run the same old commands from this page:-
    Administration Console and CLI Certificate Tools - Zimbra :: Wiki

    It did give me some error messages but it was still able to deploy the cert; if this is not the way perhaps somebody can advise what is.

    Single-Node Self-Signed Certificate

    1. Begin by generating a new Certificate Authority (CA).

    /opt/zimbra/bin/zmcertmgr createca -new

    2. Then generate a certificate signed by the CA that expires in 365 days.

    /opt/zimbra/bin/zmcertmgr createcrt -new -days 365

    3. Next deploy the certificate.

    /opt/zimbra/bin/zmcertmgr deploycrt self

    4. Next deploy the CA.

    /opt/zimbra/bin/zmcertmgr deployca

    5. To finish, verify the certificate was deployed to all the services.

    /opt/zimbra/bin/zmcertmgr viewdeployedcrt

  5. #15
    Join Date
    Apr 2010
    Location
    Cape Town, South Africa
    Posts
    71
    Rep Power
    5

    Default

    Hi mutface,

    Yes, DNS is a major contributing factor in Zimbra. Could you guys list the following:

    cat /etc/resolv.conf /etc/hosts

    Also please show DNS resolution (i.e. dig mail.domain.tld)

    Regards.

  6. #16
    Join Date
    Jul 2009
    Posts
    23
    Rep Power
    6

    Default

    /etc/resolv.conf

    search abc.com
    nameserver 127.0.0.1

    /etc/hosts
    127.0.0.1 localhost.localdomain localhost
    192.168.1.2 archive.abc.com archive

    Since altering the SSL checking, I have been able to get the server started, but the MTA has a problem and cannot start. I don't know whether this is related, and I get this error when trying to start the MTA or directly start saslauthd:

    saslauthd[25219] :set_auth_mech : failed to initialize mechanism zimbra

    Thanks in advance.

  7. #17
    Join Date
    Jul 2009
    Posts
    23
    Rep Power
    6

    Default

    [root@archive ~]# dig archive.abc.com any

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 <<>> archive.abc.com any
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55603
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;archive.abc.com. IN ANY

    ;; ANSWER SECTION:
    archive.abc.com. 2592000 IN SOA archive.abc.com.archive.abc.com. general.hodfords.com. 10118 43200 3600 3600000 2592000
    archive.abc.com. 2592000 IN NS 192.168.1.2.archive.abc.com.
    archive.abc.com. 2592000 IN MX 10 archive.abc.com.

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Dec 23 18:19:24 2011
    ;; MSG SIZE rcvd: 167



    [root@archive ~]# dig archive.abc.com mx

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 <<>> archive.abc.com mx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25646
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;archive.abc.com. IN MX

    ;; ANSWER SECTION:
    archive.abc.com. 2592000 IN MX 10 archive.abc.com.

    ;; AUTHORITY SECTION:
    archive.abc.com. 2592000 IN NS 192.168.1.2.archive.abc.com.

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Fri Dec 23 18:19:06 2011
    ;; MSG SIZE rcvd: 85

  8. #18
    phoenix, Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote (originally posted by mutface):
    [root@archive ~]# dig archive.abc.com any

    You haven't followed the advice I gave you in the other thread you started today on this topic. You need to follow the Split DNS article; as I said in that thread, your configuration is incorrect.

    The above dig command should be as follows:

    Code:
    dig abc.com any
    That uses the correct domain name and not the FQDN of the server (which is wrong). You also haven't corrected the NS record, as I also mentioned in the other thread. I'll remove that other thread as it's a duplicate of your posts here and I seem to be wasting my time providing answers in that thread.
    Last edited by phoenix; 12-28-2011 at 01:19 AM.
    Regards


    Bill



  9. #19
    Join Date
    Apr 2010
    Location
    Cape Town, South Africa
    Posts
    71
    Rep Power
    5

    Default

    Well said Bill

    mutface, please follow the "http://wiki.zimbra.com/wiki/Split_dns" article closely. Bill is quite correct in his answer that you need to ensure that your DNS is correct. If you require assistance with the Split DNS article, we will gladly assist.

    Compliments of the season to all.

  10. #20
    Join Date
    Nov 2009
    Posts
    89
    Rep Power
    6

    Default

    Thanks a lot buddhikeg & mutface. I was able to update the cert on my Mailbox & Ldap. While on MTA it gave me the below error. Any help is highly expected.

    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/mta1.hostname.pkcs12...failed.

    XXXXX ERROR: failed to create mta1.hostname.pkcs12
    unable to load private key
    12149:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: ANY PRIVATE KEY
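
Added example (not part of the thread and not Zimbra's own code): the "no start line ... Expecting: ANY PRIVATE KEY" message in the last post is what OpenSSL reports when the file it was given as a private key contains no PEM private-key header. The sketch below checks a key file for that condition and, using the openssl CLI, whether the key and certificate carry the same public key; the function names are hypothetical and the key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: pre-flight checks on a key/cert pair before a PKCS#12 bundle is built.
# Function names are hypothetical; pass your own key and certificate paths.

# Print the PEM private-key label found in FILE; return 1 if there is none.
# A missing label is what OpenSSL reports as "no start line ... ANY PRIVATE KEY".
pem_key_kind() {
    file=$1
    [ -s "$file" ] || { echo "empty-or-missing"; return 1; }
    label=$(sed -n 's/^-----BEGIN \(.*PRIVATE KEY\)-----.*$/\1/p' "$file" | head -n 1)
    if [ -n "$label" ]; then
        echo "$label"
        return 0
    fi
    # Say what the file holds instead, e.g. a certificate saved in the key's place.
    other=$(sed -n 's/^-----BEGIN \(.*\)-----.*$/\1/p' "$file" | head -n 1)
    echo "no-private-key${other:+ (found: $other)}"
    return 1
}

# Return 0 when KEY and CERT carry the same public key, 1 when they differ,
# 2 when openssl cannot parse one of them. Assumes an unencrypted key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null </dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Run both checks and print a one-line verdict.
preflight() {
    kind=$(pem_key_kind "$1") || { echo "FAIL key file: $kind"; return 1; }
    key_matches_cert "$1" "$2" || {
        echo "FAIL key ($kind) is unreadable or does not match the certificate"
        return 1
    }
    echo "OK key ($kind) matches the certificate"
}

# Usage: sh preflight.sh /path/to/key.pem /path/to/cert.pem
if [ "$#" -ge 2 ]; then
    preflight "$1" "$2"
fi
```

A key file that fails the first check is empty, truncated, or holds something other than a private key, which matches the failure shown in the post.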
