Thread: LDAP certificate error

  1. #1

    Installing self-signed cert from Admin web page breaks server

    I'm running Zimbra 8.0.4 Open Source Edition on CentOS 6.4, and when I log in to the Zimbra Administration web page and tell it to create a new self-signed certificate, I get this error:

    Code:
    Your certificate was not installed due to the error : system failure: exception executing command: zmcertmgr deploycrt self with {RemoteManager: [domain]->zimbra@[domain]:22} Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: exception executing command: zmcertmgr deploycrt self with {RemoteManager: [domain]->zimbra@[domain]:22}

    When I SSH into the server and run the command manually, this is what I get:

    Code:
    # /opt/zimbra/bin/zmcertmgr deploycrt self
    ** Saving server config key zimbraSSLCertificate...done.
    ** Saving server config key zimbraSSLPrivateKey...done.
    ** Installing mta certificate and key...done.
    ** Installing slapd certificate and key...done.
    ** Installing proxy certificate and key...done.
    ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.
    
    XXXXX ERROR: failed to create jetty.pkcs12
    unable to load certificates

    The next time I reboot the server, ldap fails to start with this message:

    Code:
    Host [hostname]
            Starting ldap...Done.
    Failed.
    Failed to start slapd.  Attempting debug start to determine error.
    TLS: error:0906D06C:PEM routines:PEM_read_bio:no start line pem_lib.c:703
    TLS: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib ssl_rsa.c:491
    51c3b682 main: TLS init def ctx failed: -1

    After a bit of digging, I came across the following procedure, which seems to have fixed my problem of zimbra not starting:

    Code:
    # Source (forum post): http://www.zimbra.com/forums/administrators/23065-solved-problem-install-self-signed-certificate-zimbra-5-0-10_ga_2638-rh.html#post111124
    # Source (forum post info was based on): http://wiki.zimbra.com/index.php?title=Recreating_a_Self-Signed_SSL_Certificate

    # As root:
    rm -rf /opt/zimbra/ssl
    mkdir /opt/zimbra/ssl
    chown zimbra:zimbra /opt/zimbra/ssl
    chown zimbra:zimbra /opt/zimbra/java/jre/lib/security/cacerts
    chmod 644 /opt/zimbra/java/jre/lib/security/cacerts

    # As zimbra:
    keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
    keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass $(zmlocalconfig -s -m nokey mailboxd_keystore_password)

    # As root:
    /opt/zimbra/bin/zmcertmgr createca -new
    /opt/zimbra/bin/zmcertmgr deployca -localonly
    /opt/zimbra/bin/zmcertmgr createcrt self -new
    /opt/zimbra/bin/zmcertmgr deploycrt self

    # As zimbra:
    zmcontrol start

    But if I try to create a self-signed certificate from the Admin page again, the same thing happens.

    Has anyone else experienced the same problem?
    Last edited by hellspawn; 06-24-2013 at 04:13 PM.
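
A pre-flight check for the "PEM_read_bio:no start line" failure quoted in the post above, as an added example that is not part of the original post or of Zimbra's tooling: it reports whether each file named on the command line holds a structurally complete PEM certificate, so an empty or truncated file is caught before slapd is restarted. The function names and the sample are constructed for illustration; the check covers structure only, not trust, expiry or whether the certificate matches its key.

```python
import base64, binascii, re, sys

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_total_len(der):
    """Length claimed by the outer DER SEQUENCE header, or None if not a SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem(text, want="CERTIFICATE"):
    """Return (ok, reason) for the first PEM block labelled `want` in text."""
    if not text.strip():
        return False, "file is empty"
    if "-----BEGIN " not in text:
        return False, "no start line"      # same condition OpenSSL names in the log above
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return False, "BEGIN line without matching END line"
    for label, body in blocks:
        if label != want:
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            return False, "body is not valid base64"
        if der_total_len(der) != len(der):
            return False, "DER length mismatch (truncated or not DER)"
        return True, "ok"
    return False, "no %s block" % want

# Constructed sample: a 5-byte DER SEQUENCE wrapped as PEM. Not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    failed = False
    for path in sys.argv[1:]:
        with open(path, encoding="latin-1") as fh:
            ok, reason = check_pem(fh.read())
        print("%-50s %s" % (path, "OK" if ok else "FAIL: " + reason))
        failed |= not ok
    sys.exit(1 if failed else 0)
```

Run it with the certificate files as arguments; it exits non-zero if any of them fails the check.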
