Install New SSL Certificate

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
crmade
Posts: 2
Joined: Thu Dec 08, 2016 8:40 pm

Install New SSL Certificate

Postby crmade » Thu Dec 08, 2016 8:59 pm

Hi,
I'm trying to install a new SSL certificate on Version 8.7.0_GA_1659.FOSS Jun 28, 2016 but I keep getting an error. I have gone through a lot of link from google but I have not been able to find a solution.
Has anybody encounter this issue before and have been able to fix it?
Here is the actual error:
Your certificate was not installed due to the error : system failure: exception executing command: zmcertmgr verifycrtchain /opt/zimbra/data/tmp/496d91fa-49a9-4277-afec-142e9b539965/chain_ecbbcd3a-325d-4aff-a08a-0d8aad744775 /opt/zimbra/data/tmp/496d91fa-49a9-4277-afec-142e9b539965/crt_ecbbcd3a-325d-4aff-a08a-0d8aad744775 with {RemoteManager: <hostname>->zimbra@<hostname>:22}

Message: Your certificate was not installed due to the error : system failure: exception executing command: zmcertmgr verifycrtchain /opt/zimbra/data/tmp/4396f477-d459-4521-b677-2edf50d823bb/chain_5f4a3084-e964-49a9-aa21-4a429457d0f8 /opt/zimbra/data/tmp/4396f477-d459-4521-b677-2edf50d823bb/crt_5f4a3084-e964-49a9-aa21-4a429457d0f8 with {RemoteManager:

Thanks.


crmade
Posts: 2
Joined: Thu Dec 08, 2016 8:40 pm

Re: Install New SSL Certificate

Postby crmade » Tue Jan 24, 2017 7:20 pm

Hi,
Any ideas??
I really do not know what it going on or what is happening. I have installed certs on Zimbra before but this is the first time this ever happen to me.
Thanks.
User avatar
JDunphy
Outstanding Member
Outstanding Member
Posts: 484
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: 8.7.11_P14 RHEL6 Network Edition
Contact:

Re: Install New SSL Certificate

Postby JDunphy » Fri Jan 27, 2017 11:27 pm

A few guesses but I haven't experienced that message myself so keep that in mind.

When I have received a verify error it is generally because the fullchain is incomplete ... but because you also have hostname listed in that error with ssh(22), I am wondering how you are invoking it. I tend to run it by hand from the command line.

Is this a multi-machine zimbra install? If it is... are all the hosts at the same zimbra version. At 8.7+, zmcertmgr needs to run as zimbra when previously it was 'root' with 8.6 and below.

If this is a single host install and you are running it from zimbra admin console, make sure you don't have any missing dashes in the BEGIN part of your certs. zmcertmgr goes out of its way by doing this:

Code: Select all

/^-----BEGIN CERTIFICATE-----\s*$/


so any mistake in cut/paste can lead to failed certs loading. I would verify the CERT you are loading and look for odd characters that could be introduced by email, etc if this is a signed cert.

Return to “Administrators”

Who is online

Users browsing this forum: MSN [Bot] and 13 guests