Results 1 to 2 of 2

Thread: Zimbra don't start after update SSL sertificate

Hybrid View

  1. #1
    Join Date
    Mar 2012
    Posts
    1
    Rep Power
    3

    Default Zimbra don't start after update SSL sertificate

    We update our SSL sertificate and we have a problem:

    root@mail:~# /opt/zimbra/bin/zmcertmgr deploycrt self -allserver
    ** Saving global config key zimbraSSLCertificate...failed.
    ** Saving global config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.
    ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed)



    We used this algorithm to update the certificate:

    Multi-Node Self-Signed Certificate

    1. Begin by generating a new Certificate Authority (CA).
    /opt/zimbra/bin/zmcertmgr createca -new

    2. Then generate a certificate signed by the CA that expires in 365 days with either wild-card or subject altnames.
    /opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=*.domain.tld"
    /opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -subjectAltNames "host1.domain.tld,host2.domain.tld"

    3. Next, deploy the certificate to all nodes in the deployment.
    /opt/zimbra/bin/zmcertmgr deploycrt self -allserver

    4. To finish, verify the certificate was deployed.
    /opt/zimbra/bin/zmcertmgr viewdeployedcrt

  2. #2
    Join Date
    Jun 2011
    Posts
    76
    Rep Power
    4

    Default

    Just a shot in the dark but, have you tried a permissions fix?

    As root run this - # /opt/zimbra/libexec/zmfixperms --verbose --extended

    Then try the update again

Similar Threads

  1. fatal: parameter "smtpd_recipient_restrictions"
    By Robin in forum Administrators
    Replies: 8
    Last Post: 12-22-2010, 05:48 AM
  2. Replies: 12
    Last Post: 02-25-2008, 07:28 PM
  3. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 04:48 PM
  4. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 03:30 PM
  5. Replies: 8
    Last Post: 02-27-2007, 04:10 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •