I'm trying to work through creating a new self-signed cert that lasts longer than the default 365 days. In the process, I'm now having trouble with Zimbra Mobile. After mucking around quite a bit, I've found a problem that may be causing it:

So, I've followed the instructions here to rebuild SSL CA/Certs: http://wiki.zimbra.com/index.php?tit...icate_Problems

But I've found that when I run the following to check LDAP stored values:
zmprov gcf zimbraCertAuthorityKeySelfSigned
zmprov gcf zimbraCertAuthorityCertSelfSigned

I get old certificates rather than the new certificates (as compared to /opt/zimbra/ssl/ssl/ca/ca.key and ca.pem). I've restarted Zimbra and rebooted, just to make sure Zimbra config didn't need to do something, but that wasn't it.

I'm trying to use zmprov to 'fix' the values in LDAP to match my new certs but I can't seem to get the right syntax. According to help, this *should* work, but it isn't working:

zmprov -d -f /opt/zimbra/ssl/ssl/ca/ca.key mcf zimbraCertAuthorityKeySelfSigned

Here is the output. Any help appreciated!


zimbra@zimbra->zmprov -d -f /opt/zimbra/ssl/ssl/ca/ca.key mcf zimbraCertAuthorityKeySelfSigned
========== SOAP SEND ==========
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<context xmlns="urn:zimbra"/>
<AuthRequest xmlns="urn:zimbraAdmin">
======== SOAP RECEIVE =========
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<context xmlns="urn:zimbra">
<sessionId type="admin" id="10">10</sessionId>
<AuthResponse xmlns="urn:zimbraAdmin">
<authToken>0_715119902cb65b457bf46532feaafa6e4578f d3b_69643d33363a65306661666438392d313336302d313164 392d383636312d3030306139356439386566323b6578703d31 333a313136333637323432393532333b61646d696e3d313a31 3b</authToken>
<a n="zimbraIsDomainAdminAccount">false</a>
<sessionId type="admin" id="10">10</sessionId>
=============================== (364 msecs)
usage: modifyConfig(mcf) attr1 value1 [attr2 value2...]

zmprov [args] [cmd] [cmd-args ...]

-h/--help display usage
-f/--file use file as input stream
-s/--server {host}[:{port}] server hostname and optional port
-l/--ldap provision via LDAP instead of SOAP
-a/--account {name} account name to auth as
-p/--password {pass} password for account
-P/--passfile {file} read password from file
-z/--zadmin use zimbra admin name/password from localconfig for admin/password
-v/--verbose verbose mode (dumps full exception stack trace)
-d/--debug debug mode (dumps SOAP messages)

zmprov is used for provisioning. Try:

zmprov help account help on account-related commands
zmprov help calendar help on calendar resource-related commands
zmprov help commands help on all commands
zmprov help config help on config-related commands
zmprov help cos help on COS-related commands
zmprov help domain help on domain-related commands
zmprov help list help on distribution list-related commands
zmprov help misc help on misc commands
zmprov help notebook help on notebook-related commands
zmprov help search help on search-related commands
zmprov help server help on server-related commands
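
The comparison described in the post (the value stored in LDAP against /opt/zimbra/ssl/ssl/ca/ca.pem) can be done by digest instead of by eye. The script below is an added example, not part of the original post and not Zimbra's own tooling. It assumes `zmprov gcf` prints the value as "attrName: PEM text"; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the CA certificate on disk with the copy held in LDAP.
# Assumption: `zmprov gcf <attr>` prints "attrName: <PEM text>".

# pem_digest FILE: SHA-256 of the base64 body of the PEM block in FILE.
# Any "attr: " prefix, the BEGIN/END armor, line wrapping and CRLFs are
# ignored, so only the encoded certificate bytes are compared.
pem_digest() {
    tr -d '\r\n' < "$1" \
        | sed -e 's/.*-----BEGIN [^-]*-----//' -e 's/-----END [^-]*-----.*//' \
        | tr -d ' \t' \
        | sha256sum | cut -d' ' -f1
}

# same_pem FILE_A FILE_B: exit status 0 when both hold the same PEM body.
same_pem() {
    [ "$(pem_digest "$1")" = "$(pem_digest "$2")" ]
}

# Constructed sample data (placeholder base64, not real certificates).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'TkVXLUNBLUNFUlQtUExBQ0VIT0xERVI=' \
    '-----END CERTIFICATE-----' > "$demo_dir/ca.pem"
# Same body as ca.pem, as LDAP might return it: prefixed and CRLF-terminated.
printf '%s\r\n' 'zimbraCertAuthorityCertSelfSigned: -----BEGIN CERTIFICATE-----' \
    'TkVXLUNBLUNFUlQtUExBQ0VIT0xERVI=' '-----END CERTIFICATE-----' > "$demo_dir/ldap_new.txt"
# A different body, standing in for the stale certificate.
printf '%s\n' 'zimbraCertAuthorityCertSelfSigned: -----BEGIN CERTIFICATE-----' \
    'T0xELUNBLUNFUlQtUExBQ0VIT0xERVI=' '-----END CERTIFICATE-----' > "$demo_dir/ldap_old.txt"

for f in ldap_new.txt ldap_old.txt; do
    if same_pem "$demo_dir/ca.pem" "$demo_dir/$f"; then
        echo "$f: matches ca.pem"
    else
        echo "$f: differs from ca.pem (stale value in LDAP)"
    fi
done
```

On a live system, redirect the output of `zmprov gcf zimbraCertAuthorityCertSelfSigned` to a file and pass it to `same_pem` together with /opt/zimbra/ssl/ssl/ca/ca.pem.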