unable to modify domain from AdminConsole - Invalid certificate or private key

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
simred
Posts: 45
Joined: Wed Jun 28, 2017 9:40 am

unable to modify domain from AdminConsole - Invalid certificate or private key

Postby simred » Tue Aug 21, 2018 4:37 pm

Hi,
I've a working ZCS OSS 8.8.9 multinode setup. I've an host for the proxy and another host for the admin. Other hosts for mta and stores.
After I installed from CLI a per domain commercial certificate (Comodo certificate) on the proxy node, I'm unable to modify the domain from AdminConsole. When I click "save" in Configure-->domain->example.com I got the error "Invalid certificate or private key" (screenshot of the error was attached). From CLI I'm able to modify the domain. Before I installed the certificate I was able to modify the domain from AdminConsole.

This is all the steps on proxy node (no errors):
<<
zmprov cd example.com zimbraAuthMech zimbra
zmprov md example.com zimbraVirtualHostName mail.example.com
zmprov md example.com zimbraVirtualIPAddress x.y.u.i

/opt/zimbra/libexec/zmdomaincertmgr savecrt example.com /opt/zimbra/certs/example.com.bundle /opt/zimbra/certs/server.key
/opt/zimbra/libexec/zmdomaincertmgr deploycrts

zmprov md proxys.com zimbraPublicServiceHostname mail.example.com
zmprov md proxys.com zimbraPublicServiceProtocol https
zmprov md proxys.com zimbraPublicServicePort 443
>>

After proxy was restarted, the webmail shows the correct certificate was loaded.
Please note that the private key is passwordless, and the command "/opt/zimbra/bin/zmcertmgr verifycrt comm ..." returns "Valid certificate chain: ./server.crt: OK"

Any Idea? How to better troubleshoot?

Tnx & br.
Attachments
dom-error.jpg
dom-error.jpg (105.41 KiB) Viewed 99 times
cert-error.png
cert-error.png (42.5 KiB) Viewed 99 times


Return to “Administrators”

Who is online

Users browsing this forum: Baidu [Spider] and 34 guests