Glenno-Notes: Difference between revisions
Revision as of 20:05, 13 September 2010
Output in mailbox.log when mailboxd stops and starts
Shutdown:
2010-08-31 16:00:06,751 INFO [Shutdown] [] log - Shutdown hook executing
2010-08-31 16:00:07,274 INFO [Shutdown] [] StatsImageServlet - Servlet StatsImageServlet shutting down
2010-08-31 16:00:07,275 INFO [Shutdown] [] FileUploadServlet - Servlet FileUploadServlet shutting down
2010-08-31 16:00:07,277 INFO [Shutdown] [] PublicICalServlet - Servlet PublicICalServlet shutting down
2010-08-31 16:00:07,277 INFO [Shutdown] [] account - Servlet PreAuthServlet shutting down
2010-08-31 16:00:07,277 INFO [Shutdown] [] mailbox - Servlet UserServlet shutting down
2010-08-31 16:00:07,277 INFO [Shutdown] [] ContentServlet - Servlet ContentServlet shutting down
2010-08-31 16:00:07,277 INFO [Shutdown] [] soap - Servlet AdminServlet shutting down
2010-08-31 16:00:07,278 INFO [Shutdown] [] TcpServer/7025 - LmtpServer initiating shutdown
2010-08-31 16:00:07,419 INFO [Shutdown] [] TcpServer/110 - Pop3Server initiating shutdown
2010-08-31 16:00:07,420 INFO [Pop3Server] [] TcpServer/110 - finished accept loop
2010-08-31 16:00:07,521 INFO [Shutdown] [] TcpServer/110 - Pop3Server shutting down idle thread pool
2010-08-31 16:00:07,521 INFO [Shutdown] [] TcpServer/995 - Pop3SSLServer initiating shutdown
2010-08-31 16:00:07,522 INFO [Pop3SSLServer] [] TcpServer/995 - finished accept loop
2010-08-31 16:00:07,720 INFO [Shutdown] [] TcpServer/995 - Pop3SSLServer shutting down idle thread pool
2010-08-31 16:00:07,721 INFO [Shutdown] [] TcpServer/143 - ImapServer initiating shutdown
2010-08-31 16:00:07,721 INFO [ImapServer] [] TcpServer/143 - finished accept loop
2010-08-31 16:00:07,816 INFO [Shutdown] [] TcpServer/143 - ImapServer shutting down idle thread pool
2010-08-31 16:00:07,816 INFO [Shutdown] [] TcpServer/993 - ImapSSLServer initiating shutdown
2010-08-31 16:00:07,816 INFO [ImapSSLServer] [] TcpServer/993 - finished accept loop
2010-08-31 16:00:07,877 INFO [Shutdown] [] TcpServer/993 - ImapSSLServer shutting down idle thread pool
....
2010-08-31 16:00:09,172 WARN [Shutdown] [] ZimbraHttpConnectionManager - shutting down http client idle connection reaper thread
2010-08-31 16:00:09,173 INFO [Shutdown] [] soap - Servlet SoapServlet shutting down
2010-08-31 16:00:09,342 INFO [Shutdown] [] log - Shutdown hook complete
Startup:
2010-08-31 16:05:26,172 INFO [main] [] soap - Servlet SoapServlet starting up
2010-08-31 16:05:26,501 INFO [main] [] soap - Adding service AccountService to SoapServlet
2010-08-31 16:05:26,861 INFO [main] [] soap - Adding service MailService to SoapServlet
2010-08-31 16:05:27,940 INFO [main] [] soap - Adding service IMService to SoapServlet
2010-08-31 16:05:27,986 INFO [main] [] misc - version=6.0.8_GA_2637 release=20100811142254 builddate=20100811-1424 buildhost=build01.lab.zimbra.com
2010-08-31 16:05:27,989 INFO [main] [] misc - LANG environment is set to: C
2010-08-31 16:05:27,989 INFO [main] [] misc - System property java.home=/opt/zimbra/jdk1.6.0_21/jre
2010-08-31 16:05:27,989 INFO [main] [] misc - System property java.runtime.version=1.6.0_21-b06
2010-08-31 16:05:27,989 INFO [main] [] misc - System property java.version=1.6.0_21
2010-08-31 16:05:27,989 INFO [main] [] misc - System property java.vm.info=mixed mode
2010-08-31 16:05:27,989 INFO [main] [] misc - System property java.vm.name=Java HotSpot(TM) Server VM
2010-08-31 16:05:27,989 INFO [main] [] misc - System property java.vm.version=17.0-b16
2010-08-31 16:05:27,989 INFO [main] [] misc - System property os.arch=i386
2010-08-31 16:05:27,989 INFO [main] [] misc - System property os.name=Linux
2010-08-31 16:05:27,989 INFO [main] [] misc - System property os.version=2.6.9-22.EL
2010-08-31 16:05:27,989 INFO [main] [] misc - System property sun.arch.data.model=32
2010-08-31 16:05:27,989 INFO [main] [] misc - System property sun.cpu.endian=little
2010-08-31 16:05:27,989 INFO [main] [] misc - System property sun.cpu.isalist=
2010-08-31 16:05:27,990 INFO [main] [] misc - System property sun.os.patch.level=unknown
2010-08-31 16:05:28,117 INFO [main] [] system - Setting mysql connector property: maxActive=100
2010-08-31 16:05:28,139 INFO [main] [] system - Setting mysql connector property: maxActive=100
2010-08-31 16:05:31,018 INFO [main] [] sqltrace - Setting slow SQL threshold to 2000ms
...
2010-08-31 16:05:40,890 INFO [LmtpServer] [] TcpServer/7025 - starting accept loop
2010-08-31 16:05:40,905 INFO [Pop3Server] [] TcpServer/110 - starting accept loop
2010-08-31 16:05:41,062 INFO [Pop3SSLServer] [] TcpServer/995 - starting accept loop
2010-08-31 16:05:41,106 INFO [ImapServer] [] TcpServer/143 - starting accept loop
2010-08-31 16:05:41,218 INFO [ImapSSLServer] [] TcpServer/993 - starting accept loop
...
2010-08-31 16:05:45,017 INFO [main] [] log - Started SslSelectChannelConnector@0.0.0.0:443
2010-08-31 16:05:45,020 INFO [main] [] log - Started SslSelectChannelConnector@0.0.0.0:7071
2010-08-31 16:05:45,020 INFO [main] [] log - Started SelectChannelConnector@0.0.0.0:7072
SSL Cert Installation: Unmatching certificate and private key error
If you're seeing this error:
root@zimbra:/tmp# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key commercial.crt commercial_ca.crt
** Verifying commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
XXXXX ERROR: Unmatching certificate (commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) pair.
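It may be that the certificate in commercial.crt was not issued for the private key in commercial.key, so the public key inside the certificate doesn't belong to that key. The following two hashes (MD5 of the RSA modulus from each file) should match, but don't: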
# openssl x509 -noout -modulus -in commercial.crt | openssl md5
f4033675a216bbbe0712917e3281fe3c
# openssl rsa -noout -modulus -in commercial.key | openssl md5
76991327ac5bdae0840270dffeb4b214
Here is an example of two matching certificate and key files deployed for LDAP:
# openssl x509 -noout -modulus -in /opt/zimbra/conf/slapd.crt | openssl md5
59688017a0601a37a07d8fcd4ec9908c
# openssl rsa -noout -modulus -in /opt/zimbra/conf/slapd.key | openssl md5
59688017a0601a37a07d8fcd4ec9908c
If you have the CSR you can check to which key it belongs:
openssl req -noout -modulus -in server.csr | openssl md5
For a full explanation of the above commands: http://kb.wisc.edu/middleware/page.php?id=4064
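The same comparison as an added example (not from the original notes): it hashes the public key with SHA-256 instead of the RSA modulus with MD5, so it also works for non-RSA keys. The function names and the demo's throwaway files are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: match certificate, key and CSR by public key (SHA-256).
# Function names are illustrative; requires the openssl command-line tool.

# pubkey_fp KIND FILE -> fingerprint of the public key; KIND is crt|key|csr.
pubkey_fp() {
    case "$1" in
        crt) pem=$(openssl x509 -noout -pubkey -in "$2" 2>/dev/null) ;;
        key) pem=$(openssl pkey -pubout -in "$2" 2>/dev/null) ;;
        csr) pem=$(openssl req -noout -pubkey -in "$2" 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    # Never hash empty output: two unreadable files would otherwise "match".
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_keypair KIND:FILE ... -> 0 if all files share one public key,
# 1 on a mismatch, 2 if a file could not be parsed.
same_keypair() {
    ref=""
    for arg in "$@"; do
        fp=$(pubkey_fp "${arg%%:*}" "${arg#*:}") ||
            { echo "unreadable: $arg" >&2; return 2; }
        echo "$fp  $arg"
        [ -n "$ref" ] || ref=$fp
        [ "$fp" = "$ref" ] || { echo "MISMATCH: $arg" >&2; return 1; }
    done
}

# Constructed demo: throwaway RSA key, CSR and self-signed certificate,
# plus an unrelated EC key that must be reported as a mismatch.
demo() {
    d=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=host.example.com" \
        -keyout "$d/a.key" -out "$d/a.crt" 2>/dev/null
    openssl req -new -key "$d/a.key" -subj "/CN=host.example.com" \
        -out "$d/a.csr" 2>/dev/null
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$d/b.key" 2>/dev/null
    ok=0;  same_keypair crt:"$d/a.crt" key:"$d/a.key" csr:"$d/a.csr" || ok=$?
    bad=0; same_keypair crt:"$d/a.crt" key:"$d/b.key" || bad=$?
    rm -rf "$d"
    echo "matching set: $ok, wrong key: $bad"
}

# Real use: sh check.sh crt:commercial.crt key:commercial.key csr:server.csr
if [ "$#" -gt 0 ]; then same_keypair "$@"; else demo; fi
```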
Installing a Thawte SSL Certificate in ZCS 5.x and 6.x
Use the following instructions to install a commercial Thawte SSL certificate. All the commands below should be performed as the root user (not zimbra).
1. Begin by generating a Certificate Signing Request (CSR).
# /opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=US/ST=CO/L=Broomfield/O=VMware/OU=Zimbra Collaboration Suite" -subjectAltNames host.example.com
2. Next, submit the CSR to Thawte and get a commercial certificate in X.509/PEM format.
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO13187
Save the new certificate to a temporary file (e.g. /tmp/comm.crt).
3. Determine which SSL product you bought from Thawte.
Depending on which it is, click the corresponding ApacheSSL from the link above. For the directions below, we'll assume it's plain SSL Web Server:
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO14822
4. Download the Intermediate Certificate Authority in Apache format (X.509/PEM):
The Intermediate CA you download depends on which Thawte SSL product was bought. Below, we're assuming SSL Web Server:
# cd /tmp && wget https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL_CA_Bundle.pem
5. Download the Root Certificate Authority:
https://www.thawte.com/roots/index.html
Again, the Root CA you download depends on the Thawte SSL product purchased. The Root CA below is for SSL Web Server:
# cd /tmp && wget https://www.thawte.com/roots/thawte_Premium_Server_CA.pem
6. Combine Root and Intermediate CAs:
# cat /tmp/thawte_Premium_Server_CA.pem /tmp/SSL_CA_Bundle.pem > /tmp/commercial_ca.crt
The order of files matters: first the Root CA followed by the Intermediate CA.
Look at commercial_ca.crt and make sure there are line breaks (there should be no more than 64 characters per line). If the file is not formatted correctly, Zimbra won't be able to import it.
7. Verify:
# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/comm.crt /tmp/commercial_ca.crt
8. Deploy:
# /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/comm.crt /tmp/commercial_ca.crt
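A pre-flight check for the step 6 bundle, as an added example that is not part of the original notes or of zmcertmgr: it flags lines over 64 characters and the missing line break that cat leaves when the first file has no final newline. The names lint_pem_bundle, show_chain and demo are hypothetical; the 64-character limit is the one stated in step 6.

```bash
#!/bin/sh
# Added example: lint a concatenated PEM CA bundle before verifycrt/deploycrt.
# lint_pem_bundle, show_chain and demo are illustrative names, not Zimbra tools.

# lint_pem_bundle FILE -> prints findings; returns 0 if clean, 1 otherwise.
lint_pem_bundle() {
    awk '
    function err(msg) { printf "%s:%d: %s\n", FILENAME, NR, msg; bad++ }
    { sub(/\r$/, "") }                  # ignore the CR of CRLF files
    # "cat a b" glues END and BEGIN together when a has no final newline
    /-----END CERTIFICATE----------BEGIN CERTIFICATE-----/ {
        err("missing line break between two certificates"); certs++; next
    }
    /^-----BEGIN CERTIFICATE-----$/ {
        if (inside) err("BEGIN inside a certificate"); inside = 1; certs++; next
    }
    /^-----END CERTIFICATE-----$/ {
        if (!inside) err("END without BEGIN"); inside = 0; next
    }
    inside && length($0) > 64 { err("base64 line longer than 64 characters") }
    inside && $0 !~ /^[A-Za-z0-9+\/=]*$/ { err("non-base64 characters") }
    END {
        if (inside) { print FILENAME ": last certificate is not terminated"; bad++ }
        if (certs < 2) { print FILENAME ": expected root + intermediate, found " (certs + 0); bad++ }
        exit (bad > 0)
    }' "$1"
}

# show_chain FILE -> subject and issuer of each certificate, in file order.
# The root is the entry whose subject equals its issuer; step 6 wants it first.
show_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# Constructed demo input (placeholder base64, not real certificates):
# the first block has no final newline, so the two blocks run together.
demo() {
    f=$(mktemp) || return 2
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJD' '-----END CERTIFICATE-----' |
        awk 'NR > 1 { printf "\n" } { printf "%s", $0 }' > "$f"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'QUJD' '-----END CERTIFICATE-----' >> "$f"
    rc=0; lint_pem_bundle "$f" || rc=$?
    rm -f "$f"; echo "lint exit status: $rc"
}

# Real use: sh lint.sh /tmp/commercial_ca.crt
if [ "$#" -gt 0 ]; then lint_pem_bundle "$1" && show_chain "$1"; else demo; fi
```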
Bulk delete items from all users matching query via zmmailbox
Suppose you have the following scenario:
- We have an administrative assistant who left the company (admin_assistant@example.com). She had created reoccurring appointments on several people's calendars which now cannot be removed. Restoring the administrative assistant's account is not an option since she was removed a while back and our oldest backup doesn't contain her account. Any suggestions on how to remove the appointments?
As an administrator, you can script zmmailbox to search all accounts for appointments with an organizer of admin_assistant@example.com, and then delete those appointments.
#!/bin/bash
# tested on ZCS 6.0.8
if [ "$(whoami)" != "zimbra" ]; then
    echo "You must be the zimbra user to run this script." >&2
    exit 1
fi
# change query below to what you want to match
# the example searches for a body matching "Organizer: admin_assistant@example.com"
query="\"\\\"Organizer: admin_assistant@example.com\\\"\""
# change to search the type(s) of items you want to match
# types are: message,conversation,contact,appointment,document,task,wiki
type="appointment"
# zmprov -l gaa lists all accounts, reading directly from LDAP
for acct in $(zmprov -l gaa)
# if you want to search specific accounts, use the for loop below
# for acct in "99@test2.test" "100@test2.test" "101@test2.test" "102@test2.test" "103@test2.test"
do
    echo "Searching account $acct..."
    # skip the first 4 lines (header) of the search output, take the item ID
    # from column 2 and build a comma-separated list without a trailing comma
    ITEMS=$(zmmailbox -z -m "$acct" search -t "$type" "$query" | awk '{ if (NR>4 && NF) {print $2}}' | tr '\n' , | sed 's/,$//')
    if [ -n "$ITEMS" ]; then
        echo "  Deleting item(s) $ITEMS"
        # Dry run: remove the leading echo after verifying the search results
        echo zmmailbox -z -m "$acct" di "$ITEMS"
    fi
done
Credit to: King0770-Notes-Removal_of_Bad_Contact_Address
Deciphering zmstat charts
MySQL: InnoDB Buffer Pool Hit Rate
In general, the hit rate should stay above 995.
[Example charts not shown: Bad, Better, Ideal]
Mailboxd: Minor Garbage Collection Time and Mailboxd: Major Garbage Collection Time
If the GC time starts getting over a few percent, especially repeatedly, then it's something that users will notice.