Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: SMTP SSL error

  1. #11
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default Nov 8 19:02:28 mx postfix/smtpd[20099]: warning: cannot get private key from file /o

    Did you re-run the zmcertinstall command? It takes two options for the mta, cert file and key file:

    zmcertinstall mta /opt/zimbra/ssl/ssl/server/smtpd.crt /opt/zimbra/ssl/ssl/ca/ca.key

  2. #12
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default

    right....after much hacking and chopping around I've decided to begin again. ./install -u and I've started over again as the more I hacked the more things stopped working until I had no https and no IMAPs.

    Thanks for all the support so far!

    Will begin again and will post my results.

    To outline what I am trying to achieve: I want to configure a mail/collaboration suite on a server and for it to support multiple virtual domains. I'd like each of these virtual domains to have SSL on their POP/IMAP/SMTP mail.

  3. #13
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default Reinstalled and ready to rock?

    Right, so I've got the server freshly installed and setup for one domain.

    Here's what works:
    IMAP with SSL from iMail client
    https:// :7071 for admin

    SMTP with Auth set in iMail fails with
    Code:
    Nov  8 23:02:27 mx postfix/smtpd[9327]: SSL_accept:error in SSLv3 read client certificate A
    Nov  8 23:02:27 mx postfix/smtpd[9327]: SSL_accept error from i-195-137-88-40.freedom2surf.net[195.137.88.40]: -1
    Nov  8 23:02:27 mx postfix/smtpd[9327]: lost connection after STARTTLS from i-195-137-88-40.freedom2surf.net[195.137.88.40]
    Nov  8 23:02:27 mx postfix/smtpd[9327]: disconnect from i-195-137-88-40.freedom2surf.net[195.137.88.40]
    after the key exchange

    http AND https for normal mail access are not running (but nmap shows the ports as open from both localhost and from the external IP)

  4. #14
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default other errors?

    Did postfix spit out any errors on startup regarding TLS?

  5. #15
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default SMTP with SSL works!

    So, after a rebuild from scratch I have a working IMAP/POP/SMTP with SSL AUTH set of services.

    Here's what I've done to make sure that it works:
    My machine is currently on a private IP with ports forwarded through from the Real World (TM) by an IPCOP firewall. We are running a DNS server on a another machine on the LAN and Zimbra is using it for resolution of itself and other FQDNs. The /etc/hosts file has been modded:
    Code:
    127.0.0.1       localhost.localdomain   localhost
    192.168.0.150   mx.networkassociations.org.uk mx
    And during setup of Zimbra we setup the machine as mx.networkassociations.org.uk which has in turn created certificates that have a resovable FDQN matching that of the server connecting to.

    The iMail cient complains that the certificate has not been signed by a known authority but after I have said that I accept the certificate then all is good.

    And it works.

    But!

    My HTTP access is screwed - I've got HTTPS to :7071, but no HTTP or HTTP/S for email access......

    Thoughts anyone?

  6. #16
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    Quote Originally Posted by robroadie
    My HTTP access is screwed - I've got HTTPS to :7071, but no HTTP or HTTP/S for email access......

    What do you get in the browser? Are you going to port 80? Did you try port 7070? Check out /opt/zimbra/tomcat/logs/catalina.out for more info.

  7. #17
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default

    Quote Originally Posted by KevinH
    What do you get in the browser? Are you going to port 80? Did you try port 7070? Check out /opt/zimbra/tomcat/logs/catalina.out for more info.
    I checked out the /opt/zimbra/tomcat/logs/catalina.out file and wasn't seeing anything when attempting to connect. I restarted the services and all was OK.

    I'll write up more on my install and post it to these forums.

    Thank you for your continued support.

  8. #18
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default Firewall ports I have opened up

    I'm posted some info on the firewall ports I have opened up here: http://www.zimbra.com/forums/showthr...=3332#post3332

  9. #19
    Join Date
    Sep 2005
    Posts
    2,103
    Rep Power
    14

    Default https

    If you can get https on the admin interface (7071) then your certs are fine - can you telnet to port 443 or 7443 on the server?

    If not, then you need to change the server's mode:

    su - zimbra
    zmtlsctl mixed (or https)

    tomcat stop
    tomcat start

    mixed mode - https login, http session
    https mode - all https, all the time

  10. #20
    Join Date
    Nov 2005
    Location
    London
    Posts
    19
    Rep Power
    9

    Default

    Quote Originally Posted by marcmac
    You need to change the server's mode:
    su - zimbra
    zmtlsctl mixed (or https)

    tomcat stop
    tomcat start

    Modes: mixed mode - https login, http session
    Modes: https mode - all https, all the time
    Marcmac, thanks for your support. As I mentioned in my previous post I restarted the services all was fine. Your information on how to change the server mode is really useful. I thought I'd highlight it by replying.

Similar Threads

  1. Replies: 23
    Last Post: 01-24-2013, 02:44 PM
  2. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 12:42 AM
  3. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  4. M3 problem with shares
    By titangears in forum Users
    Replies: 4
    Last Post: 01-12-2006, 12:01 PM
  5. Building native libraries on MacOS X
    By ajmas in forum Developers
    Replies: 3
    Last Post: 10-14-2005, 11:00 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •