Difference between revisions of "Problem with Certificate can cause MTA Failure"

(New page: There are some issues in Zimbra 5.0 GA that you should know about. Zimbra can install/upgrade and work under most circumstances, however, a small number of users are encountering some iss...)
 
Line 6: Line 6:
  
 
---------------------------------------------------
 
---------------------------------------------------
Issue:
+
'''Issue:'''
  
 
Problem with Certificate can cause MTA Failure [Bug 23253]
 
Problem with Certificate can cause MTA Failure [Bug 23253]
  
Symptom:
+
'''Symptom:'''
  
 
When MTA starts up, user will receive the following message in the /var/log/zimbra.log file:
 
When MTA starts up, user will receive the following message in the /var/log/zimbra.log file:
  
Error:
+
'''Error:'''
  
 
   postfix/trivial-rewrite[6172]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
 
   postfix/trivial-rewrite[6172]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Line 23: Line 23:
 
Then the MTA (postfix) will stop functioning resulting in mail delivery failure (via lmtp and smtp).
 
Then the MTA (postfix) will stop functioning resulting in mail delivery failure (via lmtp and smtp).
  
Common Cause:
+
'''Common Cause:'''
  
 
CA chain can be appended in reverse creating invalid Certificate
 
CA chain can be appended in reverse creating invalid Certificate
  
Workaround:
+
'''Workaround:'''
  
 
Read this post: [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure
 
Read this post: [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure
Line 34: Line 34:
 
-------------------------------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------------------------------
  
Steps:
+
'''Steps:'''
  
  (a) as root: cd /opt/zimbra/ssl; mkdir bak; mv * bak
+
(a) Run as root: cd /opt/zimbra/ssl; mkdir bak; mv * bak
  (b) as zimbra:
+
(b) Run this as zimbra:
  (b1) to get the password: zmlocalconfig -s zimbra_ldap_password
+
(b1) To get the password: zmlocalconfig -s zimbra_ldap_password
  (b2) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W
+
(b2) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W
  
Code:
+
'''Code:'''
  
 
dn: cn=config,cn=zimbra
 
dn: cn=config,cn=zimbra
Line 50: Line 50:
 
(b3) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W
 
(b3) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W
  
Code:
+
'''Code:'''
  
 
dn: cn=config,cn=zimbra
 
dn: cn=config,cn=zimbra
 
changetype:modify
 
changetype:modify
delete: zimbraCertAuthorityKeySelfSigned
+
delete: zimbraCertAuthorityKeySelfSigned     [Hit Enter Twice here]
 
^D
 
^D
  
Line 65: Line 65:
  
 
-------------------------------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------------------------------
 +
'''
 +
References:'''
  
References:
+
http://www.zimbra.com/forums/installation/13762-solved-expired-cert-5-0ga-can-cause-mail-delivery-failure.html
[SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure
 
  
Bug 23253 - an expired CA cert will block mail delivery after upgrading to 5.0.0
+
[Bug 23253] - an expired CA cert will block mail delivery after upgrading to 5.0.0
  
 
---------------------------------------------------
 
---------------------------------------------------
Issue:
+
'''Issue:'''
  
 
Cannot install a Commercial Certificate in Zimbra 5.0 [Bug 23294]
 
Cannot install a Commercial Certificate in Zimbra 5.0 [Bug 23294]
 
+
'''
Symptom:
+
Symptom:'''
  
 
User is unable to install a commercial certificate in Zimbra 5.0
 
User is unable to install a commercial certificate in Zimbra 5.0
 
+
'''
Common Cause:
+
Common Cause:'''
  
 
Related to Bug [23253]
 
Related to Bug [23253]
  
Workaround:
+
'''Workaround:'''
  
 
Installing Cert via Command Line: Bug [23294] - commercial certs fail to install
 
Installing Cert via Command Line: Bug [23294] - commercial certs fail to install
  
References:
+
'''References:'''
  
 
Bug [23294] - commercial certs fail to install
 
Bug [23294] - commercial certs fail to install
 
Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!
 
Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!
 
---------------------------------------------------
 
---------------------------------------------------

Revision as of 07:00, 2 January 2008

There are some issues in Zimbra 5.0 GA that you should know about.

Zimbra can install/upgrade and work under most circumstances, however, a small number of users are encountering some issues.

We wanted to post this thread to let you know about these, and help you work through any issue you have.


Issue:

Problem with Certificate can cause MTA Failure [Bug 23253]

Symptom:

When MTA starts up, user will receive the following message in the /var/log/zimbra.log file:

Error:

  postfix/trivial-rewrite[6172]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
  postfix/trivial-rewrite[19377]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
  postfix/trivial-rewrite[19378]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error


Then the MTA (postfix) will stop functioning resulting in mail delivery failure (via lmtp and smtp).

Common Cause:

CA chain can be appended in reverse creating invalid Certificate

Workaround:

Read this post: [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure Alternate: Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!


Steps:

(a) Run as root: cd /opt/zimbra/ssl; mkdir bak; mv * bak (b) Run this as zimbra: (b1) To get the password: zmlocalconfig -s zimbra_ldap_password (b2) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W

Code:

dn: cn=config,cn=zimbra changetype:modify delete: zimbraCertAuthorityCertSelfSigned [Hit Enter Twice here] ^D

(b3) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W

Code:

dn: cn=config,cn=zimbra changetype:modify delete: zimbraCertAuthorityKeySelfSigned [Hit Enter Twice here] ^D

(c) as root: run /opt/zimbra/bin/zmcertmgr createca (d) as root: run /opt/zimbra/bin/zmcertmgr deployca (e) as root: run /opt/zimbra/bin/zmcertmgr install self -new (f) as root: su - zimbra zmcontrol stop; su - zimbra zmcontrol start

^D is Control-D


References:

http://www.zimbra.com/forums/installation/13762-solved-expired-cert-5-0ga-can-cause-mail-delivery-failure.html

[Bug 23253] - an expired CA cert will block mail delivery after upgrading to 5.0.0


Issue:

Cannot install a Commercial Certificate in Zimbra 5.0 [Bug 23294] Symptom:

User is unable to install a commercial certificate in Zimbra 5.0 Common Cause:

Related to Bug [23253]

Workaround:

Installing Cert via Command Line: Bug [23294] - commercial certs fail to install

References:

Bug [23294] - commercial certs fail to install Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!


Jump to: navigation, search