Difference between revisions of "Problem with Certificate can cause MTA Failure"

Line 5: Line 5:
 
We wanted to post this thread to let you know about these, and help you work through any issue you have.
 
We wanted to post this thread to let you know about these, and help you work through any issue you have.
  
---------------------------------------------------
+
-----------------------------------------------------------------------------------------------------------------------------------
 
'''Issue:'''
 
'''Issue:'''
  
Problem with Certificate can cause MTA Failure [Bug 23253]
+
Problem with Certificate can cause MTA Failure [ http://bugzilla.zimbra.com/show_bug.cgi?id=23253 ]
  
 
'''Symptom:'''
 
'''Symptom:'''
Line 32: Line 32:
 
Alternate: Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!
 
Alternate: Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!
  
-------------------------------------------------------------------------------------------------------
+
-----------------------------------------------------------------------------------------------------------------------------------
  
 
'''Steps:'''
 
'''Steps:'''
Line 64: Line 64:
 
^D is Control-D
 
^D is Control-D
  
-------------------------------------------------------------------------------------------------------
+
-----------------------------------------------------------------------------------------------------------------------------------
'''
+
 
References:'''
+
'''References:'''
  
 
http://www.zimbra.com/forums/installation/13762-solved-expired-cert-5-0ga-can-cause-mail-delivery-failure.html
 
http://www.zimbra.com/forums/installation/13762-solved-expired-cert-5-0ga-can-cause-mail-delivery-failure.html
  
[Bug 23253] - an expired CA cert will block mail delivery after upgrading to 5.0.0
+
[ http://bugzilla.zimbra.com/show_bug.cgi?id=23253 ] - an expired CA cert will block mail delivery after upgrading to 5.0.0
 +
 
 +
-----------------------------------------------------------------------------------------------------------------------------------
  
---------------------------------------------------
 
 
'''Issue:'''
 
'''Issue:'''
  
Line 83: Line 84:
 
Common Cause:'''
 
Common Cause:'''
  
Related to Bug [23253]
+
Related to Bug [ http://bugzilla.zimbra.com/show_bug.cgi?id=23253 ]
  
 
'''Workaround:'''
 
'''Workaround:'''
  
Installing Cert via Command Line: [ BUG 23294 http://bugzilla.zimbra.com/show_bug.cgi?id=23294] - commercial certs fail to install
+
Installing Cert via Command Line: [ http://bugzilla.zimbra.com/show_bug.cgi?id=23294 ] - commercial certs fail to install
  
 
'''References:'''
 
'''References:'''
  
Bug [23294] - commercial certs fail to install
+
Bug [ http://bugzilla.zimbra.com/show_bug.cgi?id=23294 ] - commercial certs fail to install
 
Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!
 
Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!
---------------------------------------------------
+
 
 +
http://www.zimbra.com/forums/installation/13898-argh-commercial-certificates-after-4-10-5-0-foss-upgrade.html
 +
 
 +
-----------------------------------------------------------------------------------------------------------------------------------

Revision as of 07:07, 2 January 2008

There are some issues in Zimbra 5.0 GA that you should know about.

Zimbra can install/upgrade and work under most circumstances, however, a small number of users are encountering some issues.

We wanted to post this thread to let you know about these, and help you work through any issue you have.


Issue:

Problem with Certificate can cause MTA Failure [ http://bugzilla.zimbra.com/show_bug.cgi?id=23253 ]

Symptom:

When MTA starts up, user will receive the following message in the /var/log/zimbra.log file:

Error:

  postfix/trivial-rewrite[6172]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
  postfix/trivial-rewrite[19377]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
  postfix/trivial-rewrite[19378]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error


Then the MTA (postfix) will stop functioning resulting in mail delivery failure (via lmtp and smtp).

Common Cause:

CA chain can be appended in reverse creating invalid Certificate

Workaround:

Read this post: [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure Alternate: Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!


Steps:

(a) Run as root: cd /opt/zimbra/ssl; mkdir bak; mv * bak (b) Run this as zimbra: (b1) To get the password: zmlocalconfig -s zimbra_ldap_password (b2) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W

Code:

dn: cn=config,cn=zimbra changetype:modify delete: zimbraCertAuthorityCertSelfSigned [Hit Enter Twice here] ^D

(b3) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W

Code:

dn: cn=config,cn=zimbra changetype:modify delete: zimbraCertAuthorityKeySelfSigned [Hit Enter Twice here] ^D

(c) as root: run /opt/zimbra/bin/zmcertmgr createca (d) as root: run /opt/zimbra/bin/zmcertmgr deployca (e) as root: run /opt/zimbra/bin/zmcertmgr install self -new (f) as root: su - zimbra zmcontrol stop; su - zimbra zmcontrol start

^D is Control-D


References:

http://www.zimbra.com/forums/installation/13762-solved-expired-cert-5-0ga-can-cause-mail-delivery-failure.html

[ http://bugzilla.zimbra.com/show_bug.cgi?id=23253 ] - an expired CA cert will block mail delivery after upgrading to 5.0.0


Issue:

Cannot install a Commercial Certificate in Zimbra 5.0 [Bug 23294] Symptom:

User is unable to install a commercial certificate in Zimbra 5.0 Common Cause:

Related to Bug [ http://bugzilla.zimbra.com/show_bug.cgi?id=23253 ]

Workaround:

Installing Cert via Command Line: [ http://bugzilla.zimbra.com/show_bug.cgi?id=23294 ] - commercial certs fail to install

References:

Bug [ http://bugzilla.zimbra.com/show_bug.cgi?id=23294 ] - commercial certs fail to install Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!

http://www.zimbra.com/forums/installation/13898-argh-commercial-certificates-after-4-10-5-0-foss-upgrade.html


Jump to: navigation, search