Page 2 of 7 FirstFirst 1234 ... LastLast
Results 11 to 20 of 66

Thread: [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure

  1. #11
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    Thanks for the syntax.

    Still not working (tried 3 times, double-checking the password each time and trying cut/paste too) :
    Code:
    [zimbra@zimbra-oss ~]$ ldapmodify -x -h localhost  -D "uid=zimbra,cn=admins,cn=zimbra" -W
    Enter LDAP Password:
    ldap_bind: Can't contact LDAP server (-1)

  2. #12
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    slapd doesn't listen on localhost. It must be the name of your host.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  3. #13
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    /me stupid

    All done (steps a, b, c and d), no error.
    Now restarting zimbra...
    Last edited by Klug; 12-21-2007 at 02:48 PM.

  4. #14
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    Still not working, same error in zimbra.log

  5. #15
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    What is the output of (running as zimbra)

    Code:
    ldapsearch -x -ZZ -h "FQDN" -b "" -s base
    And it must be the fully qualified name of the host (FQDN).

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  6. #16
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Move the stuff in /opt/zimbra/ssl to a temp directory, and rerun the commands.

  7. #17
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    Quote Originally Posted by quanah View Post
    What is the output of (running as zimbra)
    Code:
    ldapsearch -x -ZZ -h "FQDN" -b "" -s base
    It says :
    Code:
    $ ldapsearch -x -ZZ -h "zimbra-oss.network-studio.com" -b "" -s base
    # extended LDIF
    #
    # LDAPv3
    # base <> with scope baseObject
    # filter: (objectclass=*)
    # requesting: ALL
    #
    
    #
    dn:
    objectClass: top
    objectClass: OpenLDAProotDSE
    
    # search result
    search: 3
    result: 0 Success
    
    # numResponses: 2
    # numEntries: 1

  8. #18
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    Quote Originally Posted by jholder View Post
    Move the stuff in /opt/zimbra/ssl to a temp directory, and rerun the commands.
    That fixed it 8)

    We moved everything elsewhere except ca.csr (we tried without the old file and it did not work), steps a to d and it works.

    There might be a problem with zmcertmgr : the /opt/zimbra/ssl/zimbra/ca/ca.pem file showed the correct hour (when I modified it) but what was inside is wrong :
    Code:
    # openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -noout -text
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number: 0 (0x0)
            Signature Algorithm: md5WithRSAEncryption
            Issuer: C=US, ST=N/A, L=N/A, O=Zimbra Collaboration Suite
            Validity
                Not Before: Sep 19 14:30:12 2006 GMT
                Not After : Sep 19 14:30:12 2007 GMT
      .....
    Thank you so much for your help.

    Should I open a bug ?

  9. #19
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    No, we are aware of the issue and there's already a bug on it. Glad it is working now!

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  10. #20
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Just to tie the loose ends up:
    It appears that if you have an expired certificate, it can cause postfix to stop running. This will be fixed in 5.0.1

    See bug: Bug 23253 - an expired CA cert will block mail delivery after upgrading to 5.0.0

Similar Threads

  1. Problems with port 25
    By yogiman in forum Installation
    Replies: 57
    Last Post: 06-13-2011, 02:55 PM
  2. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  3. Issues...
    By timothyalangorman in forum Administrators
    Replies: 3
    Last Post: 11-19-2007, 10:43 AM
  4. fresh install down may be due to tomcat
    By gon in forum Installation
    Replies: 10
    Last Post: 07-25-2007, 09:09 AM
  5. receiveing mail
    By maybethistime in forum Administrators
    Replies: 15
    Last Post: 12-09-2005, 04:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •