Thread: Issue with SSL Certification renewals, production environment down

    SOLVED Issue with SSL Certification renewals, production environment down

    My issues started last week when my ldap SSL certifications expired. I have attempted to renew them and I get the error below.

    Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.

    I have been all through the forums and none of the solutions seem to have worked. I have edited the zmcertmgr file and made the following changes

    #Default subject with the RDN values
    SUBJECT="/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=bestpricehomes"
    validation_days=3650

    and I still get the error

    [root@mailbag zimbra]# /opt/zimbra/bin/zmcertmgr createcrt self -new
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130428152241
    ** Retrieving server config key zimbraSSLCertificate...failed.
    ** Retrieving server config key zimbraSSLPrivateKey...failed.
    ** Generating a server csr for download self -keysize 1024
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130428152248
    ** Retrieving Commercial CA cert from ldap...failed.
    ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done

    I have been all over the forums and I am getting blocked at every turn. I really think the issue might be the same for each problem, but I have been down for a week and am out of ideas. I have included as much data as I could; does anyone have an idea?


    My load
    (7.1.4_GA_2555_CentOS5_64)

    I turned off the firewall.

    [root@mailbag conf]# lsmod | grep ip_tables
    [root@mailbag conf]#


    I then tried to back up the /opt/zimbra directory and reinstall the package. I then get these errors.

    Reload /.install -platform-override

    Installing LDAP configuration database...done.
    ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.naming.CommunicationException localhost:389)
    ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.naming.CommunicationException localhost:389)
    Setting defaults...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.naming.CommunicationException localhost:389)
    done.


    I believe these errors are from the fact I can't telnet to localhost 389.

    Telnet
    [root@mailbag opt]# telnet localhost 389
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused
    telnet: Unable to connect


    [root@mailbag conf]# nmap localhost -p 389

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2013-04-28 15:39 EDT
    Interesting ports on localhost.localdomain (127.0.0.1):
    PORT STATE SERVICE
    389/tcp closed ldap

    Yet the host name to 389 works.

    [root@mailbag conf]# nmap mailbag -p 389

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2013-04-28 15:38 EDT
    Interesting ports on mailbag.bestpricehomes.net (24.106.184.4):
    PORT STATE SERVICE
    389/tcp open ldap

    [root@mailbag conf]# nmap localhosts

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2013-04-28 16:47 EDT
    Interesting ports on mailbag.bestpricehomes.net (24.106.184.4):
    Not shown: 1676 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    111/tcp open rpcbind
    389/tcp open ldap
    772/tcp open cycleserv2

    Nmap finished: 1 IP address (1 host up) scanned in 0.


    DNS

    [root@mailbag ~]# dig bestpricehomes.net any

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 <<>> bestpricehomes.net any
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39787
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;bestpricehomes.net. IN ANY

    ;; ANSWER SECTION:
    bestpricehomes.net. 7200 IN A 24.106.184.4
    bestpricehomes.net. 7200 IN SOA NS27.WORLDNIC.COM. namehost.WORLDNIC.COM. 113042713 10800 3600 604800 3600
    bestpricehomes.net. 7200 IN MX 10 mailbag.bestpricehomes.net.
    bestpricehomes.net. 7200 IN NS NS27.WORLDNIC.COM.
    bestpricehomes.net. 7200 IN NS ns28.WORLDNIC.COM.

    ;; Query time: 142 msec
    ;; SERVER: 24.25.5.60#53(24.25.5.60)
    ;; WHEN: Sun Apr 28 14:08:57 2013
    ;; MSG SIZE rcvd: 171



    [root@mailbag ~]# dig bestpricehomes.net mx

    ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5_7.1 <<>> bestpricehomes.net mx
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5677
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;bestpricehomes.net. IN MX

    ;; ANSWER SECTION:
    bestpricehomes.net. 7200 IN MX 10 mailbag.bestpricehomes.net.

    ;; Query time: 62 msec
    ;; SERVER: 24.25.5.60#53(24.25.5.60)
    ;; WHEN: Sun Apr 28 14:09:40 2013
    ;; MSG SIZE rcvd: 60


    /etc/hosts
    [root@mailbag ~]# cat /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost
    #::1 localhost6.localdomain6 localhost6
    24.106.184.4 mailbag.bestpricehomes.net mailbag


    [zimbra@mailbag ~]$ zmcontrol status
    Unable to determine enabled services from ldap.
    Unable to determine enabled services. Cache is out of date or doesn't exist.
    [zimbra@mailbag ~]$


    Attempt to reload the same version back onto the server after copying the /opt/zimbra directory out of the way.




    [root@mailbag ~]# /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
    ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
    ** Installing CA to /opt/zimbra/conf/ca...done.


    [root@mailbag ~]# /opt/zimbra/bin/zmcertmgr verifycrt self
    ** Verifying /opt/zimbra/ssl/zimbra/server/server.crt against /opt/zimbra/ssl/zimbra/server/server.key
    Certificate (/opt/zimbra/ssl/zimbra/server/server.crt) and private key (/opt/zimbra/ssl/zimbra/server/server.key) match.
    Valid Certificate: /opt/zimbra/ssl/zimbra/server/server.crt: OK



    Reload /.install -platform-override

    Installing LDAP configuration database...done.
    ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.naming.CommunicationException localhost:389)
    ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.naming.CommunicationException localhost:389)
    Setting defaults...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.naming.CommunicationException localhost:389)
    done.




    [root@mailbag ~]# /opt/zimbra/bin/zmcertmgr createca -new
    ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
    ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
    ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.

    [root@mailbag ~]# /opt/zimbra/bin/zmcertmgr deployca -localonly
    ** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
    ** Copying CA to /opt/zimbra/conf/ca...done.

    [root@mailbag ~]# /opt/zimbra/bin/zmcertmgr createcrt self -new
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130428150609
    ** Retrieving server config key zimbraSSLCertificate...failed.
    ** Retrieving server config key zimbraSSLPrivateKey...failed.
    ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

    [root@mailbag ~]# /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...failed.
    ** Saving server config key zimbraSSLPrivateKey...failed.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.

    XXXXX ERROR: failed to create jetty.pkcs12
    unable to load private key
    46953544903024:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY

    [zimbra@mailbag ~]$ ldap status
    slapd running pid: 20238
    [zimbra@mailbag ~]$



    -rw-r----- 1 zimbra zimbra 969 Apr 28 14:36 slapd.crt
    -rw-r----- 1 zimbra zimbra 916 Apr 28 14:36 slapd.key
    -rw-r----- 1 zimbra zimbra 969 Apr 28 14:36 smtpd.crt
    -rw-r----- 1 zimbra zimbra 916 Apr 28 14:36 smtpd.key


    [root@mailbag conf]# nmap mailbag -p 389

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2013-04-28 15:38 EDT
    Interesting ports on mailbag.bestpricehomes.net (24.106.184.4):
    PORT STATE SERVICE
    389/tcp open ldap

    [root@mailbag conf]# nmap localhost -p 389

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2013-04-28 15:39 EDT
    Interesting ports on localhost.localdomain (127.0.0.1):
    PORT STATE SERVICE
    389/tcp closed ldap

    zmlocalconfig > /tmp/jim
    ldap_dit_naming_rdn_attr_xmppcomponent =
    ldap_dit_naming_rdn_attr_zimlet =
    ldap_host = mailbag.bestpricehomes.net
    ldap_is_master = true
    ldap_master_url = ldap://mailbag.bestpricehomes.net:389
    ldap_nginx_password = *
    ldap_overlay_accesslog_logpurge = 01+00:00 00+04:00
    ldap_overlay_syncprov_checkpoint = 20 10
    ldap_overlay_syncprov_sessionlog = 500
    ldap_port = 389
    ldap_postfix_password = *
    ldap_read_timeout = 30000
    ldap_replication_password = *
    ldap_root_password = *
    ldap_starttls_required = true
    ldap_starttls_supported = 1
    ldap_url = ldap://mailbag.bestpricehomes.net:389
    localized_client_msgs_directory = ${mailboxd_directory}/webapps/zimbra/WEB-INF/classes/messages
    localized_msgs_directory = ${zimbra_home}/conf/msgs
    Last edited by jwh99; 05-02-2013 at 07:36 AM.
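The two symptoms in the post (slapd answering on the public address but not on localhost, and deploycrt failing with "PEM_read_bio:no start line" while loading the private key) can both be checked mechanically before touching the certificates again. The script below is an added example and is not code from the post or from Zimbra. It parses `key = value` lines in the format zmlocalconfig prints, probes the LDAP port on the configured ldap_host and on localhost, and inspects a key file for the PEM header OpenSSL expects. The zmlocalconfig sample and the host name in it are constructed placeholders, not the poster's values, and the TCP probe is injectable so the checks can run offline.

```python
import socket
import sys

# Constructed sample of zmlocalconfig output. The key names follow the post;
# the host name is a placeholder, not the poster's server.
SAMPLE_LOCALCONFIG = """\
ldap_host = mailbag.example.net
ldap_is_master = true
ldap_master_url = ldap://mailbag.example.net:389
ldap_port = 389
ldap_starttls_required = true
ldap_url = ldap://mailbag.example.net:389
"""

# OpenSSL's "Expecting: ANY PRIVATE KEY" accepts any BEGIN line containing this.
PRIVATE_KEY_MARKER = "PRIVATE KEY"


def parse_localconfig(text):
    """Turn 'key = value' lines (the zmlocalconfig format) into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connect to host:port succeeds (what telnet and nmap showed)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def listener_report(cfg, probe=tcp_reachable):
    """Probe the LDAP port on the configured ldap_host and on localhost.

    The post's install log fails on localhost:389 while ldap_url names the
    public host, so both endpoints matter. `probe` is injectable for tests.
    """
    host = cfg.get("ldap_host", "localhost")
    port = int(cfg.get("ldap_port", "389"))
    return {
        "configured": (host, port, probe(host, port)),
        "loopback": ("localhost", port, probe("localhost", port)),
    }


def diagnose_listener(report):
    """Translate probe results into findings an administrator can act on."""
    host, port, up = report["configured"]
    _, lport, lup = report["loopback"]
    if not up and not lup:
        return ["slapd not reachable on %s:%d or localhost:%d; check 'ldap status' "
                "and any host firewall" % (host, port, lport)]
    if up and not lup:
        return ["slapd answers on %s:%d but not on localhost:%d: local tools that "
                "use localhost (the installer, LDAP-backed zmcertmgr steps) fail with "
                "CommunicationException localhost:%d; check /etc/hosts and the slapd "
                "listener address" % (host, port, lport, lport)]
    if lup and not up:
        return ["slapd answers on localhost:%d but not on %s:%d; ldap_host/ldap_url "
                "name a host this box cannot reach" % (lport, host, port)]
    return []


def pem_key_problem(data):
    """Return None if `data` is a PEM private key, else why OpenSSL rejects it.

    'PEM_read_bio:no start line ... Expecting: ANY PRIVATE KEY' (the deploycrt
    error in the post) means no '-----BEGIN ... PRIVATE KEY-----' line was found:
    the file is empty, truncated, or holds something other than a key.
    """
    text = data.decode("ascii", "replace") if isinstance(data, bytes) else data
    if not text.strip():
        return "file is empty"
    begin = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("-----BEGIN ") and stripped.endswith("-----"):
            begin = stripped
            break
    if begin is None:
        return "no '-----BEGIN ...-----' line found (OpenSSL: no start line)"
    if PRIVATE_KEY_MARKER not in begin:
        return "first PEM block is %s, not a private key" % begin
    end = begin.replace("BEGIN", "END", 1)
    if end not in text:
        return "missing %s (file truncated?)" % end
    return None


if __name__ == "__main__":
    # Usage: python check_zimbra_ldap.py [zmlocalconfig-output-file] [server.key]
    cfg_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCALCONFIG
    for finding in diagnose_listener(listener_report(parse_localconfig(cfg_text))):
        print("LDAP:", finding)
    if len(sys.argv) > 2:
        with open(sys.argv[2], "rb") as fh:
            print("KEY:", pem_key_problem(fh.read()) or "looks like a PEM private key")
```

Run with no arguments it probes the constructed sample host, so expect the "not reachable" finding; pass the real zmlocalconfig output (as in the post's `zmlocalconfig > /tmp/jim`) and the server.key path to check a live box. The key check only looks at the PEM framing, which is exactly what "no start line" complains about; a key that passes it can still fail to match its certificate, which is what `zmcertmgr verifycrt` is for.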
