[SOLVED] unable to load certificate - when creating new self signed cert

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
mbert
Posts: 25
Joined: Fri Sep 12, 2014 10:36 pm

[SOLVED] unable to load certificate - when creating new self signed cert

Postby mbert » Wed Jan 26, 2011 10:12 pm

After moving to a new Server (Ubuntu 6.06 32 -> 10.04 64), the logger service is not working correctly. In the Admin GUI Server status shows:

[QUOTE]Server status data is not available. To see the server status, loggers service must be installed. [/QUOTE]
Running zmcontrol -status shows everything is working correctly. The mail server has been functioning without any problems, except for the stats and status not working.
I suspected this may have something to do with the self signed cert we had to create during the move(in hindsight I think it might have complained of something in the process). So I decided to recreate the cert, and noticed that I am getting two errors.
On step 3 from Administration Console and CLI Certificate Tools - Zimbra :: Wiki, I get the following:
root@u10-04-zimbra:/opt/zimbra/bin# ./zmcertmgr deploycrt self

** Saving server config key zimbraSSLCertificate...done.

** Saving server config key zimbraSSLPrivateKey...done.

** Installing mta certificate and key...done.

** Installing slapd certificate and key...done.

** Installing proxy certificate and key...done.

** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.

** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.

** Installing CA to /opt/zimbra/conf/ca...unable to load certificate

26819:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

done.


And on step 4:

root@u10-04-zimbra:/opt/zimbra/bin# ./zmcertmgr deployca

** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.

** Saving global config key zimbraCertAuthorityCertSelfSigned...done.

** Saving global config key zimbraCertAuthorityKeySelfSigned...done.

** Copying CA to /opt/zimbra/conf/ca...done.

unable to load certificate

27225:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:650:Expecting: TRUSTED CERTIFICATE


I have moved mailboxd/etc/keystore out of the way and tried this, with the same results.
So far I have been unable to locate an existing solution in the forums.


karol.k
Posts: 11
Joined: Sat Sep 13, 2014 1:02 am

[SOLVED] unable to load certificate - when creating new self signed cert

Postby karol.k » Tue Feb 08, 2011 4:51 pm

Well, I have got the same error. After i did ./install.sh -u and lost all my emails.... I found out, that its not an zimbra issue, but an open-ssh issue.

I have reinstalled ssh and openssh-server and the problem was solved.
I think, the error was caused by the validity of the ssh certificate.
mbert
Posts: 25
Joined: Fri Sep 12, 2014 10:36 pm

[SOLVED] unable to load certificate - when creating new self signed cert

Postby mbert » Tue Feb 15, 2011 9:07 pm

I finally had a chance to try your solution tonight, but no success so far.
Did you just remove and the install openssh-server and ssh, or did you completely purge them. Did you have to re-install zimbra or do the certs again after?
karol.k
Posts: 11
Joined: Sat Sep 13, 2014 1:02 am

[SOLVED] unable to load certificate - when creating new self signed cert

Postby karol.k » Sun Feb 20, 2011 12:35 pm

[quote user="mbert"]I finally had a chance to try your solution tonight, but no success so far.
Did you just remove and the install openssh-server and ssh, or did you completely purge them. Did you have to re-install zimbra or do the certs again after?[/QUOTE]
I did reinstall Zimbra as well.
mbert
Posts: 25
Joined: Fri Sep 12, 2014 10:36 pm

[SOLVED] unable to load certificate - when creating new self signed cert

Postby mbert » Fri Mar 04, 2011 2:55 pm

Well, after having no luck. I migrated everything over to a new server running 10.04.2 LTS, ZCS 6.0.10. Still wasn't working, so I re-installed openssh-server and then upgraded to ZCS 7.0.0 and voila, certs are working again.
But I am still having a problem that the server status is data is not available, so it must not be related to the ssl certs. I'll post a new thread for that one.

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 24 guests