Thread: New Mailbox - LDAP Cert Problems

  1. #1
    Join Date
    Sep 2006
    Location
    Illinois
    Posts
    374
    Rep Power
    9

    New Mailbox - LDAP Cert Problems

    Hi,

    Multi-node setup. I'm bringing a new mailbox server online and have installed Zimbra and added it to the existing Zimbra multi-node setup. However it won't start Zimbra...

    Code:
    $ zmcontrol start
    Host zcs-mb01.wiu.edu
    Unable to determine enabled services from ldap.
    Unable to determine enabled services. Cache is out of date or doesn't exist.

    This seems to be related to a cert problem on LDAP. But the cert there is good...

    Code:
    # /opt/zimbra/bin/zmcertmgr viewdeployedcrt ldap | grep not
    notBefore=Dec 22 02:40:56 2012 GMT
    notAfter=Dec 22 02:40:56 2013 GMT

    However that doesn't match the cert that the new mailbox thinks it has...

    Code:
    # /opt/zimbra/bin/zmcertmgr viewdeployedcrt ldap | grep not
    notBefore=Mar 15 15:30:09 2013 GMT
    notAfter=Mar 15 15:30:09 2014 GMT

    When I tried to deploycrt from the LDAP server to the new mailbox, the new mailbox prompted me for the Zimbra password, which there isn't one and which none of the other systems asked for....

    Code:
    # /opt/zimbra/bin/zmcertmgr deploycrt self -allserver
    Warning: Permanently added 'zcs-mb01.wiu.edu,10.50.102.101' (RSA) to the list of known hosts.
    zimbra@zcs-mb01.wiu.edu's password:

    So I'm not sure what I'm missing here. Any ideas?

    Thanks,
    Matt

  2. #2

    This command on the new mailbox server fails...

    Code:
    # /opt/zimbra/bin/zmcertmgr getcrt self -allserver
    ** Retrieving global config key zimbraSSLCertificate...failed.
    ** Retrieving global config key zimbraSSLPrivateKey...failed.

  3. #3

    Looks like this setting is the culprit....

    Code:
    zmlocalconfig -e ssl_allow_untrusted_certs=true

    Setting that to true allowed me to do the getcrt command and then rerun /opt/zimbra/libexec/zmsetup.pl

    Did I miss a configuration option during the install where I could have set that zmlocalconfig parameter?
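A way to examine the mismatch seen in post #1 while certificate validation stays on, as an added example that is not part of the original thread or of Zimbra's tooling: it compares two certificate files by fingerprint and validity window and checks whether the remote one chains to a given CA file. The function names and the three file paths are assumptions supplied by the caller; only standard `openssl x509` and `openssl verify` calls are used.

```shell
#!/bin/sh
# Added example; not from the thread. All file paths are caller-supplied.

# cert_fp FILE: SHA-256 fingerprint of a PEM certificate.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# cert_window FILE: validity period as "notBefore .. notAfter".
cert_window() {
    nb=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
    na=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    printf '%s .. %s\n' "$nb" "$na"
}

# trusted_by CA_FILE CERT: succeeds only if CERT verifies against CA_FILE.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# diagnose CA_FILE LOCAL_CERT REMOTE_CERT
# Prints one verdict word and returns 0 only for "match":
#   match      same certificate on both sides, and it chains to CA_FILE
#   differ     different certificates, but the remote one chains to CA_FILE
#   untrusted  remote certificate does not chain to CA_FILE
#   unreadable one of the three files cannot be read
diagnose() {
    ca=$1 local_crt=$2 remote_crt=$3
    for f in "$ca" "$local_crt" "$remote_crt"; do
        [ -r "$f" ] || { echo "unreadable"; return 2; }
    done
    if ! trusted_by "$ca" "$remote_crt"; then
        echo "untrusted"; return 1
    fi
    if [ "$(cert_fp "$local_crt")" = "$(cert_fp "$remote_crt")" ]; then
        echo "match"; return 0
    fi
    echo "differ"; return 1
}

if [ "$#" -eq 3 ]; then   # run as: script CA_FILE LOCAL_CERT REMOTE_CERT
    echo "local : $(cert_window "$2")"
    echo "remote: $(cert_window "$3")"
    diagnose "$1" "$2" "$3"
fi
```

An `untrusted` verdict means the local CA file does not vouch for the remote certificate, which is the condition that `ssl_allow_untrusted_certs=true` bypasses rather than resolves.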
