Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 31

Thread: Renewing certificate failed zimbra 6

  1. #21
    Join Date
    Apr 2010
    Location
    Cape Town, South Africa
    Posts
    71
    Rep Power
    5

    Default

    Hi wooby,

    Have you tried the following (as root):

    cd ~
    su - zimbra -c 'zmcontrol stop'
    mv /opt/zimbra/ssl/zimbra/ ./sslbackup
    scp -r <mastercertserver>:/opt/zimbra/ssl/zimbra/ /opt/zimbra/ssl/zimbra/
    su - zimbra -c 'zmlocalconfig -e ssl_allow_untrusted_certs=true'
    /opt/zimbra/bin/zmcertmgr deployca self
    /opt/zimbra/bin/zmcertmgr deploycrt self
    su - zimbra -c 'zmcontrol restart'

    Regards.
    Last edited by GWilliams; 01-03-2012 at 10:43 PM.

  2. #22
    Join Date
    Jul 2009
    Posts
    9
    Rep Power
    6

    Unhappy same problem

    Hi

    I have the same error, I have followed all what you have said in this thread, but it doesn't work.
    Here is my input:

    zimbra@mail:~/log$ zmcontrol -v

    Release 6.0.8_GA_2661.DEBIAN5 DEBIAN5 FOSS edition.


    zimbra@mail:~/log$ zmlocalconfig -s ssl_allow_untrusted_certs
    ssl_allow_untrusted_certs = false

    zimbra@mail:~/log$ zmlocalconfig -e ssl_allow_untrusted_certs=true

    zimbra@mail:~/log$ zmlocalconfig -s ssl_allow_untrusted_certs
    ssl_allow_untrusted_certs = true

    zimbra@mail:~/log$ zmcontrol status
    Host mail.mydomain.cr
    antispam Running
    antivirus Running
    ldap Running
    logger Running
    mailbox Running
    mta Running
    snmp Running
    spell Running
    stats Running

    zimbra@mail:~/log$ zmcontrol stop
    Host mail.mydomain.cr
    Stopping stats...Done.
    Stopping mta...Done.
    Stopping spell...Done.
    Stopping snmp...Done.
    Stopping archiving...Done.
    Stopping antivirus...Done.
    Stopping antispam...Done.
    Stopping imapproxy...Done.
    Stopping memcached...Done.
    Stopping mailbox...Done.
    Stopping logger...Done.
    Stopping ldap...Done.
    zimbra@mail:~/log$ exit
    exit
    mail:/opt/zimbra/log# /opt/zimbra/bin/zmcertmgr createca -new
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.

    mail:/opt/zimbra/log# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
    Validation days: 365
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20120105001624
    ** Generating a server csr for download self -new -keysize 1024
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20120105001624
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

    mail:/opt/zimbra/log# /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.

    mail:/opt/zimbra/log# /opt/zimbra/bin/zmcertmgr deployca
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
    ** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
    ** Copying CA to /opt/zimbra/conf/ca...done.
    unable to load certificate
    5798:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:650:Expecting: TRUSTED CERTIFICATE

    mail:/opt/zimbra/log# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
    ::service mta::
    notBefore=Jan 5 06:16:29 2012 GMT
    notAfter=Jan 4 06:16:29 2013 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomain.cr
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomain.cr
    SubjectAltName=
    ::service proxy::
    notBefore=Jan 5 06:16:29 2012 GMT
    notAfter=Jan 4 06:16:29 2013 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomain.cr
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomain.cr
    SubjectAltName=
    ::service mailboxd::
    notBefore=Jan 5 06:16:29 2012 GMT
    notAfter=Jan 4 06:16:29 2013 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomain.cr
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomain.cr
    SubjectAltName=
    ::service ldap::
    notBefore=Jan 5 06:16:29 2012 GMT
    notAfter=Jan 4 06:16:29 2013 GMT
    subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomain.cr
    issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.mydomain.cr
    SubjectAltName=

    mail:/opt/zimbra/log# su zimbra
    zimbra@mail:~/log$ zmcontrol start
    Host mail.mydomain.cr
    Starting ldap...Done.
    Starting logger...Done.
    Starting mailbox...Done.
    Starting antispam...Done.
    Starting antivirus...Done.
    Starting snmp...Done.
    Starting spell...Done.
    Starting mta...Done.
    Starting stats...Done.

  3. #23
    Join Date
    Jul 2009
    Posts
    9
    Rep Power
    6

    Default same problem part 2

    /VAR/LOG/zimbra.log

    mail:/var/log# tail -50 zimbra.log
    Jan 5 00:18:54 mail clamd[9914]: Algorithmic detection enabled.
    Jan 5 00:18:54 mail clamd[9914]: Portable Executable support enabled.
    Jan 5 00:18:54 mail clamd[9914]: ELF support enabled.
    Jan 5 00:18:54 mail clamd[9914]: Mail files support enabled.
    Jan 5 00:18:54 mail clamd[9914]: OLE2 support enabled.
    Jan 5 00:18:54 mail clamd[9914]: PDF support enabled.
    Jan 5 00:18:54 mail clamd[9914]: HTML support enabled.
    Jan 5 00:18:54 mail clamd[9914]: Self checking every 600 seconds.
    Jan 5 00:18:57 mail zimbramon[5918]: 5918:info: Starting snmp via zmcontrol
    Jan 5 00:18:57 mail zimbramon[5918]: 5918:info: Starting spell via zmcontrol
    Jan 5 00:18:57 mail zimbramon[5918]: 5918:info: Starting mta via zmcontrol
    Jan 5 00:19:21 mail postfix/postfix-script[10963]: warning: not owned by root: /opt/zimbra/data/postfix/spool
    Jan 5 00:19:21 mail postfix/postfix-script[10970]: warning: not owned by root: /opt/zimbra/postfix-2.6.7.2z/conf/main.cf
    Jan 5 00:19:21 mail postfix/postfix-script[10971]: warning: not owned by root: /opt/zimbra/postfix-2.6.7.2z/conf/master.cf
    Jan 5 00:19:21 mail postfix/postfix-script[10972]: warning: not owned by root: /opt/zimbra/postfix-2.6.7.2z/conf/master.cf.in
    Jan 5 00:19:21 mail postfix/postfix-script[10975]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/inet.465
    Jan 5 00:19:21 mail postfix/postfix-script[10976]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.trace
    Jan 5 00:19:21 mail postfix/postfix-script[10977]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.smtp
    Jan 5 00:19:21 mail postfix/postfix-script[10978]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.bounce
    Jan 5 00:19:21 mail postfix/postfix-script[10979]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/master.pid
    Jan 5 00:19:21 mail postfix/postfix-script[10980]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.error
    Jan 5 00:19:21 mail postfix/postfix-script[10981]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.retry
    Jan 5 00:19:21 mail postfix/postfix-script[10982]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.defer
    Jan 5 00:19:21 mail postfix/postfix-script[10983]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/inet.127.0.0.1:10025
    Jan 5 00:19:21 mail postfix/postfix-script[10984]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.cleanup
    Jan 5 00:19:21 mail postfix/postfix-script[10985]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/inet.submission
    Jan 5 00:19:21 mail postfix/postfix-script[10986]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.showq
    Jan 5 00:19:21 mail postfix/postfix-script[10987]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/inet.smtp
    Jan 5 00:19:21 mail postfix/postfix-script[10988]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.smtp-amavis
    Jan 5 00:19:21 mail postfix/postfix-script[10989]: warning: not owned by postfix: /opt/zimbra/data/postfix/./spool/pid/unix.lmtp
    Jan 5 00:19:21 mail postfix/postfix-script[11001]: starting the Postfix mail system
    Jan 5 00:19:21 mail postfix/master[11002]: daemon started -- version 2.6.7, configuration /opt/zimbra/postfix-2.6.7.2z/conf
    Jan 5 00:19:21 mail saslauthd[11010]: detach_tty : master pid is: 11010
    Jan 5 00:19:21 mail saslauthd[11010]: ipc_init : listening on socket: /opt/zimbra/cyrus-sasl-2.1.23.3z/state/mux
    Jan 5 00:19:21 mail zimbramon[5918]: 5918:info: Starting stats via zmcontrol
    Jan 5 00:19:52 mail zmmailboxdmgr[12879]: status requested
    Jan 5 00:19:52 mail zmmailboxdmgr[12879]: status OK
    Jan 5 00:19:53 mail zmmailboxdmgr[12943]: status requested
    Jan 5 00:19:53 mail zmmailboxdmgr[12943]: status OK
    Jan 5 00:19:53 mail zmmailboxdmgr[13061]: status requested
    Jan 5 00:19:53 mail zmmailboxdmgr[13061]: status OK
    Jan 5 00:20:02 mail zimbramon[13170]: 13170:info: 2012-01-05 00:20:02, QUEUE: 0 0
    Jan 5 00:20:06 mail zmmailboxdmgr[13615]: status requested
    Jan 5 00:20:06 mail zmmailboxdmgr[13615]: status OK
    Jan 5 00:21:13 mail zmmailboxdmgr[14626]: status requested
    Jan 5 00:21:13 mail zmmailboxdmgr[14626]: status OK
    Jan 5 00:21:13 mail zmmailboxdmgr[14689]: status requested
    Jan 5 00:21:13 mail zmmailboxdmgr[14689]: status OK
    Jan 5 00:22:05 mail zmmailboxdmgr[15018]: status requested
    Jan 5 00:22:05 mail zmmailboxdmgr[15018]: status OK


    /OPT/ZIMBRA/LOG/

    mail:/opt/zimbra/log# tail -50 mailbox.log
    2012-01-05 00:18:51,231 INFO [main] [] soap - Adding service ZimbraCertMgrService to AdminServlet
    2012-01-05 00:18:51,236 INFO [main] [] soap - Adding service ZimbraBulkProvisionService to AdminServlet
    2012-01-05 00:18:51,251 INFO [main] [] soap - Adding service ZimbraLDAPUtilsService to AdminServlet
    2012-01-05 00:18:51,269 INFO [main] [] ContentServlet - Servlet ContentServlet starting up
    2012-01-05 00:18:51,273 INFO [main] [] account - Servlet PreAuthServlet starting up
    2012-01-05 00:18:51,276 INFO [main] [] PublicICalServlet - Servlet PublicICalServlet starting up
    2012-01-05 00:18:51,375 INFO [main] [] mailbox - Servlet UserServlet starting up
    2012-01-05 00:18:51,398 INFO [main] [] FileUploadServlet - Servlet FileUploadServlet starting up
    2012-01-05 00:18:51,403 INFO [main] [] StatsImageServlet - Servlet StatsImageServlet starting up
    2012-01-05 00:18:51,514 WARN [main] [] log - No value for env-entry-name trustedIPs
    2012-01-05 00:18:51,517 INFO [main] [] log - No Transaction manager found - if your webapp requires one, please configure one.
    2012-01-05 00:18:52,030 WARN [main] [] log - No value for env-entry-name trustedIPs
    2012-01-05 00:18:52,033 INFO [main] [] log - No Transaction manager found - if your webapp requires one, please configure one.
    2012-01-05 00:18:52,463 INFO [main] [] log - No Transaction manager found - if your webapp requires one, please configure one.
    2012-01-05 00:18:52,591 INFO [main] [] log - Opened /opt/zimbra/jetty-6.1.22.z6/logs/access_log.2012-01-05
    2012-01-05 00:18:52,608 INFO [main] [] log - Started SelectChannelConnector@0.0.0.0:80
    2012-01-05 00:18:52,618 INFO [main] [] log - Started SslSelectChannelConnector@0.0.0.0:7071
    2012-01-05 00:18:52,620 INFO [main] [] log - Started SelectChannelConnector@0.0.0.0:7072
    2012-01-05 00:19:50,887 INFO [mailboxd.csv] [] cache - setting message cache size to 2000
    2012-01-05 00:20:05,691 INFO [btpool0-5://localhost:7071/service/admin/soap/AuthRequest] [ip=127.0.0.1;] AuthProvider - Adding auth provider: zimbra com.zimbra.cs.service.ZimbraAuthProvider
    2012-01-05 00:20:05,702 INFO [btpool0-5://localhost:7071/service/admin/soap/AuthRequest] [ip=127.0.0.1;] soap - AuthRequest
    2012-01-05 00:20:06,194 INFO [btpool0-5://localhost:7071/service/admin/soap/GetAllServersRequest] [name=zimbra;ip=127.0.0.1;] soap - GetAllServersRequest
    2012-01-05 00:20:12,978 INFO [ImapSSLServer-1] [ip=192.168.250.215;] ProtocolHandler - Exception occurred while handling connection
    javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAle rt(SSLSocketImpl.java:1694)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:939)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1120)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1147)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1131)
    at com.zimbra.cs.tcpserver.ProtocolHandler.startHands hake(ProtocolHandler.java:184)
    at com.zimbra.cs.tcpserver.ProtocolHandler.run(Protoc olHandler.java:134)
    at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Wo rker.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:619)
    2012-01-05 00:20:12,980 INFO [ImapSSLServer-1] [] ProtocolHandler - Handler exiting normally
    2012-01-05 00:22:12,948 INFO [ImapSSLServer-2] [ip=192.168.250.215;] ProtocolHandler - Exception occurred while handling connection
    javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAle rt(SSLSocketImpl.java:1694)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:939)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1120)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1147)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1131)
    at com.zimbra.cs.tcpserver.ProtocolHandler.startHands hake(ProtocolHandler.java:184)
    at com.zimbra.cs.tcpserver.ProtocolHandler.run(Protoc olHandler.java:134)
    at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Wo rker.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:619)
    2012-01-05 00:22:12,948 INFO [ImapSSLServer-2] [] ProtocolHandler - Handler exiting normally




    ************************************************** ************************************************** ************

    AFTER doing all the above, I try to access the zimbra webclient and it works, i can send and receive emails but if I use thunderbird I can receive emails, but I can't send emails and if I try to send an email it prompts for my password, when I type it, it doest work and keeps asking me for the password.

    mail:/var/log# tail -50 zimbra.log
    Jan 5 00:22:33 mail zmmailboxdmgr[16017]: status OK
    Jan 5 00:22:34 mail zmmailboxdmgr[16080]: status requested
    Jan 5 00:22:34 mail zmmailboxdmgr[16080]: status OK
    Jan 5 00:23:54 mail zmmailboxdmgr[17038]: status requested
    Jan 5 00:23:54 mail zmmailboxdmgr[17038]: status OK
    Jan 5 00:23:55 mail zmmailboxdmgr[17101]: status requested
    Jan 5 00:23:55 mail zmmailboxdmgr[17101]: status OK
    Jan 5 00:24:06 mail zmmailboxdmgr[17403]: status requested
    Jan 5 00:24:06 mail zmmailboxdmgr[17403]: status OK
    Jan 5 00:24:45 mail postfix/smtpd[17511]: connect from unknown[186.32.211.176]
    Jan 5 00:24:45 mail postfix/smtpd[17511]: setting up TLS connection from unknown[186.32.211.176]
    Jan 5 00:24:45 mail postfix/smtpd[17511]: Anonymous TLS connection established from unknown[186.32.211.176]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Jan 5 00:24:51 mail saslauthd[11011]: zmauth: authenticating against elected url 'https://mail.mydomain.cr:7071/service/admin/soap/' ...
    Jan 5 00:24:51 mail saslauthd[11011]: authentication against url 'https://mail.mydomain.cr:7071/service/admin/soap/' caused error 'curl_easy_perform: error(60): SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
    Jan 5 00:24:51 mail saslauthd[11011]: url 'https://mail.mydomain.cr:7071/service/admin/soap/' will not be used for (at least) 600 seconds
    Jan 5 00:24:51 mail saslauthd[11011]: Authentication cycle re-elected url https://mail.mydomain.cr:7071/service/admin/soap/, giving up ...
    Jan 5 00:24:51 mail saslauthd[11011]: auth_zimbra: advisor202@mydomain.cr auth failed: curl_easy_perform: error(60): SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Jan 5 00:24:51 mail saslauthd[11011]: do_auth : auth failure: [user=advisor202@mydomain.cr] [service=smtp] [realm=mydomain.cr] [mech=zimbra] [reason=Unknown]
    Jan 5 00:24:51 mail postfix/smtpd[17511]: warning: SASL authentication failure: Password verification failed
    Jan 5 00:24:51 mail postfix/smtpd[17511]: warning: unknown[186.32.211.176]: SASL PLAIN authentication failed: authentication failure
    Jan 5 00:24:51 mail saslauthd[11013]: zmauth: authenticating against elected url 'https://mail.mydomain.cr:7071/service/admin/soap/' ...
    Jan 5 00:24:51 mail saslauthd[11013]: authentication against url 'https://mail.mydomain.cr:7071/service/admin/soap/' caused error 'curl_easy_perform: error(60): SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
    Jan 5 00:24:51 mail saslauthd[11013]: url 'https://mail.mydomain.cr:7071/service/admin/soap/' will not be used for (at least) 600 seconds
    Jan 5 00:24:51 mail saslauthd[11013]: Authentication cycle re-elected url https://mail.mydomain.cr:7071/service/admin/soap/, giving up ...
    Jan 5 00:24:51 mail saslauthd[11013]: auth_zimbra: advisor202@mydomain.cr auth failed: curl_easy_perform: error(60): SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Jan 5 00:24:51 mail saslauthd[11013]: do_auth : auth failure: [user=advisor202@mydomain.cr] [service=smtp] [realm=mydomain.cr] [mech=zimbra] [reason=Unknown]
    Jan 5 00:24:51 mail postfix/smtpd[17511]: warning: unknown[186.32.211.176]: SASL LOGIN authentication failed: authentication failure
    Jan 5 00:24:56 mail saslauthd[11010]: zmauth: authenticating against elected url 'https://mail.mydomain.cr:7071/service/admin/soap/' ...
    Jan 5 00:24:56 mail saslauthd[11010]: authentication against url 'https://mail.mydomain.cr:7071/service/admin/soap/' caused error 'curl_easy_perform: error(60): SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
    Jan 5 00:24:56 mail saslauthd[11010]: url 'https://mail.mydomain.cr:7071/service/admin/soap/' will not be used for (at least) 600 seconds
    Jan 5 00:24:56 mail saslauthd[11010]: Authentication cycle re-elected url https://mail.mydomain.cr:7071/service/admin/soap/, giving up ...
    Jan 5 00:24:56 mail saslauthd[11010]: auth_zimbra: advisor202@mydomain.cr auth failed: curl_easy_perform: error(60): SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Jan 5 00:24:56 mail saslauthd[11010]: do_auth : auth failure: [user=advisor202@mydomain.cr] [service=smtp] [realm=mydomain.cr] [mech=zimbra] [reason=Unknown]
    Jan 5 00:24:56 mail postfix/smtpd[17511]: warning: SASL authentication failure: Password verification failed
    Jan 5 00:24:56 mail postfix/smtpd[17511]: warning: unknown[186.32.211.176]: SASL PLAIN authentication failed: authentication failure
    Jan 5 00:24:56 mail saslauthd[11014]: zmauth: authenticating against elected url 'https://mail.mydomain.cr:7071/service/admin/soap/' ...
    Jan 5 00:24:57 mail saslauthd[11014]: authentication against url 'https://mail.mydomain.cr:7071/service/admin/soap/' caused error 'curl_easy_perform: error(60): SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
    Jan 5 00:24:57 mail saslauthd[11014]: url 'https://mail.mydomain.cr:7071/service/admin/soap/' will not be used for (at least) 600 seconds
    Jan 5 00:24:57 mail saslauthd[11014]: Authentication cycle re-elected url https://mail.mydomain.cr:7071/service/admin/soap/, giving up ...
    Jan 5 00:24:57 mail saslauthd[11014]: auth_zimbra: advisor202@mydomain.cr auth failed: curl_easy_perform: error(60): SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Jan 5 00:24:57 mail saslauthd[11014]: do_auth : auth failure: [user=advisor202@mydomain.cr] [service=smtp] [realm=mydomain.cr] [mech=zimbra] [reason=Unknown]
    Jan 5 00:24:57 mail postfix/smtpd[17511]: warning: unknown[186.32.211.176]: SASL LOGIN authentication failed: authentication failure
    Jan 5 00:24:57 mail postfix/smtpd[17511]: disconnect from unknown[186.32.211.176]
    Jan 5 00:25:15 mail zmmailboxdmgr[18422]: status requested
    Jan 5 00:25:15 mail zmmailboxdmgr[18422]: status OK
    Jan 5 00:25:15 mail zmmailboxdmgr[18485]: status requested
    Jan 5 00:25:15 mail zmmailboxdmgr[18485]: status OK
    Jan 5 00:26:04 mail sshd[18527]: Accepted password for root from 192.168.250.6 port 48645 ssh2
    Jan 5 00:26:06 mail zmmailboxdmgr[18799]: status requested
    Jan 5 00:26:06 mail zmmailboxdmgr[18799]: status OK

    *********

  4. #24
    Join Date
    Jul 2009
    Posts
    9
    Rep Power
    6

    Default same problem part 3

    mail:/opt/zimbra/log# tail -50 mailbox.log
    javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAle rt(SSLSocketImpl.java:1694)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:939)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1120)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1147)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1131)
    at com.zimbra.cs.tcpserver.ProtocolHandler.startHands hake(ProtocolHandler.java:184)
    at com.zimbra.cs.tcpserver.ProtocolHandler.run(Protoc olHandler.java:134)
    at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Wo rker.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:619)
    2012-01-05 00:24:12,966 INFO [ImapSSLServer-4] [] ProtocolHandler - Handler exiting normally
    2012-01-05 00:24:18,309 INFO [ImapSSLServer-3] [] imap - [186.32.211.176] connected
    2012-01-05 00:24:18,604 INFO [ImapSSLServer-3] [name=advisor202@mydomain.cr;ip=186.32.211.176;] imap - user advisor202@mydomain.cr authenticated, mechanism=PLAIN [TLS]
    2012-01-05 00:24:18,851 INFO [ImapSSLServer-3] [name=advisor202@mydomain.cr;ip=186.32.211.176;] imap - CREATE failed: mailbox already exists: Trash
    2012-01-05 00:24:18,925 INFO [ImapSSLServer-3] [name=advisor202@mydomain.cr;ip=186.32.211.176;] imap - selected folder INBOX
    2012-01-05 00:24:51,523 WARN [btpool0-5] [] log - javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    2012-01-05 00:24:51,643 WARN [btpool0-5] [] log - javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    2012-01-05 00:24:56,899 WARN [btpool0-5] [] log - javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    2012-01-05 00:24:57,013 WARN [btpool0-5] [] log - javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    2012-01-05 00:25:03,106 INFO [ImapSSLServer-3] [] ProtocolHandler - Handler exiting normally
    2012-01-05 00:26:12,987 INFO [ImapSSLServer-6] [ip=192.168.250.215;] ProtocolHandler - Exception occurred while handling connection
    javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAle rt(SSLSocketImpl.java:1694)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:939)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1120)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1147)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1131)
    at com.zimbra.cs.tcpserver.ProtocolHandler.startHands hake(ProtocolHandler.java:184)
    at com.zimbra.cs.tcpserver.ProtocolHandler.run(Protoc olHandler.java:134)
    at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Wo rker.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:619)
    2012-01-05 00:26:12,988 INFO [ImapSSLServer-6] [] ProtocolHandler - Handler exiting normally
    2012-01-05 00:28:12,972 INFO [ImapSSLServer-7] [ip=192.168.250.215;] ProtocolHandler - Exception occurred while handling connection
    javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:136)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAle rt(SSLSocketImpl.java:1694)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:939)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1120)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1147)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1131)
    at com.zimbra.cs.tcpserver.ProtocolHandler.startHands hake(ProtocolHandler.java:184)
    at com.zimbra.cs.tcpserver.ProtocolHandler.run(Protoc olHandler.java:134)
    at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Wo rker.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:619)
    2012-01-05 00:28:12,973 INFO [ImapSSLServer-7] [] ProtocolHandler - Handler exiting normally

    I don't know what else to do, the last thing that I haven't tried is to upgrade to version 7.xx, but I don't know if this will fix that issue..

    Any comments and/or help is very very appreciate.

    Thanks,

  5. #25
    Join Date
    Jul 2009
    Posts
    9
    Rep Power
    6

    Default

    please, any help from the adminis??? I really need help

  6. #26
    Join Date
    Jul 2009
    Posts
    9
    Rep Power
    6

    Default

    hi,

    Please anyone that want to help or give any advise.. I really need to fix this issue.

    thanks,

  7. #27
    Join Date
    Feb 2012
    Posts
    2
    Rep Power
    3

    Default problem with certs renew

    Hi did you resolved this small issue.

    If not, just advice me I shall send you a small script that I use since 2007 to renew the certs.

    Jbwoodoo

  8. #28
    Join Date
    Apr 2010
    Location
    Cape Town, South Africa
    Posts
    71
    Rep Power
    5

    Default

    Hi jbwoodoo,

    Please post your script, as it would be nice to have for future occurances, even though some of us may have already overcome this issue.

    Regards,

  9. #29
    Join Date
    Jul 2009
    Posts
    9
    Rep Power
    6

    Default

    Hi jbwoodoo,

    No, I have couldn't fix this issue..

    If you have that script that can help me and also help the community to fix this issues, it would be very very appreciate it...

    Thanks a lot in advance.....

  10. #30
    Join Date
    Jul 2009
    Posts
    9
    Rep Power
    6

    Default

    hey please, I REALLY NEED YOUR HELP.. I can't make this server to work.. Can you please provide us that script...

    thanks in advance..

Similar Threads

  1. Did I miss something? (Zimbra GA 6.0.8 on Ubuntu 10.04)
    By vpetersson in forum Installation
    Replies: 2
    Last Post: 10-26-2010, 06:29 AM
  2. Old Backup stay in TO_DELETE status and no clearing..
    By bartounet in forum Administrators
    Replies: 0
    Last Post: 10-05-2010, 07:40 AM
  3. /tmp filling
    By Nutz in forum Administrators
    Replies: 8
    Last Post: 02-22-2008, 01:00 AM
  4. Big Fubar on 5 FOSS GA Upgrade
    By uxbod in forum Administrators
    Replies: 24
    Last Post: 01-21-2008, 02:37 AM
  5. My Zimbra server down ... please help :)
    By frankb in forum Administrators
    Replies: 2
    Last Post: 12-12-2007, 10:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •