maybe this needs a new thread.
I got an issue upgrading a rapidssl cert on a multi-server environment.
The scenario is this:
server-a: master ldap, storage, proxy to an other storage server, server-b
server-b: ldap replica, storage, proxyied by server-a
server-c: storage, no ldap installed, use server-a ldap
server-d: ldap replica, storage
Each server has its own commercial rapidssl cert, they are all 1024 bits, sadly.
I have successfully upgraded expiring cert on server-a using intermediate cert, with root 2048 cert, and now server-b and server-c are unable to connect:
Should I copy ca.key and ca.pem like in here: http://wiki.zimbra.com/wiki/Ajcody-N...b_from_Baylink
Jun 18 00:03:19 webmail slapd: slap_client_connect: URI=ldap://server-a.tld-domain.it:389 Error, ldap_start_tls failed (-11)
My cert will expire tomorrow and i dunno what to do install new cert.
I moved the "ca" directory to "ca.BAK" to back it up, made a new ca directory, and then went through the steps detailed in that post.
Once done, zimbra started up without a problem:
1) Clear all the contents of the /opt/zimbra/conf/ca directory by backing them up
somewhere on disk.
2) Copy the /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/conf/ca/ca.key
3) Copy /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/conf/ca/ca.pem
4) Create the hash value
ln -f -s ca.pem /opt/zimbra/conf/ca/`openssl x509 -hash -noout -in
5) Chmod 644 /opt/zimbra/conf/ca/*
6) Restart the zmcontrol