Problem with Certificate can cause MTA Failure: Difference between revisions
Revision as of 00:41, 7 January 2008
There are some issues in Zimbra 5.0 GA that you should know about.
Zimbra can install/upgrade and work under most circumstances; however, a small number of users are encountering some issues.
We wanted to post this thread to let you know about these, and help you work through any issue you have.
Issue:
Problem with Certificate can cause MTA Failure [ http://bugzilla.zimbra.com/show_bug.cgi?id=23253 ]
Symptom:
When the MTA starts up, the following messages appear in the /var/log/zimbra.log file:
Error:
postfix/trivial-rewrite[6172]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
postfix/trivial-rewrite[19377]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
postfix/trivial-rewrite[19378]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
The MTA (postfix) then stops functioning, resulting in mail delivery failure (via lmtp and smtp).
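To confirm that a host is showing this symptom and not some other postfix failure, the check below scans a log for both halves of the signature. It is an added example, not part of the original page or of Zimbra; the function name, the summary format and the syslog prefix on the sample lines are assumptions.

```shell
#!/bin/sh
# Added example (not Zimbra code): detect the log signature described above.
# Prints one summary line; returns 0 only when both halves are present:
# a STARTTLS failure towards LDAP and a fatal LDAP table lookup.
check_mta_cert_signature() {
    awk '
        /postfix\/[a-z-]+\[[0-9]+\]: error: dict_ldap_connect: Unable to set STARTTLS/ {
            starttls++
        }
        /postfix\/[a-z-]+\[[0-9]+\]: fatal: ldap:.*table lookup problem/ {
            lookups++
            # Record which LDAP map file failed, e.g. /opt/zimbra/conf/ldap-vad.cf
            if (match($0, /ldap:[^ (]+/)) {
                t = substr($0, RSTART + 5, RLENGTH - 5)
                if (!(t in seen)) {
                    seen[t] = 1
                    sep = (tables != "") ? "," : ""
                    tables = tables sep t
                }
            }
        }
        END {
            if (tables == "") tables = "-"
            printf "starttls_failures=%d lookup_failures=%d tables=%s\n", starttls, lookups, tables
            rc = (starttls > 0 && lookups > 0) ? 0 : 1
            exit rc
        }
    ' "$1"
}

# Constructed sample: the three messages from this page with a made-up syslog prefix.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Jan  7 00:10:01 mail postfix/trivial-rewrite[6172]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Jan  7 00:10:02 mail postfix/trivial-rewrite[19377]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
Jan  7 00:10:03 mail postfix/trivial-rewrite[19378]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
EOF
check_mta_cert_signature "$sample"
```

On a live system, pass /var/log/zimbra.log as the argument.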
Common Cause:
The CA chain can be appended in reverse order, creating an invalid certificate.
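A reversed chain can be spotted before deployment by checking that every certificate in a PEM bundle is issued by the one that follows it. This is an added example, not part of the original page or of zmcertmgr; it assumes the bundle is meant to be in the usual TLS order (server certificate first, root last), and the function name and the throwaway test certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Zimbra code): verify a PEM bundle is ordered
# leaf -> intermediate(s) -> root, i.e. each cert is issued by the next one.
# Returns 0 when the order is consistent, 1 otherwise.
chain_order_ok() {
    bundle=$1
    work=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: cert.1, cert.2, ...
    awk -v dir="$work" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (dir "/cert." n) }
    ' "$bundle"
    i=1
    rc=0
    while [ -f "$work/cert.$((i + 1))" ]; do
        issuer=$(openssl x509 -noout -issuer_hash -in "$work/cert.$i")
        next_subject=$(openssl x509 -noout -subject_hash -in "$work/cert.$((i + 1))")
        if [ "$issuer" != "$next_subject" ]; then
            echo "cert $i is not issued by cert $((i + 1)): chain is out of order"
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$work"
    return $rc
}

# Constructed sample: a throwaway CA and a leaf certificate signed by it.
d=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
    -subj "/CN=Example Test CA" -days 1 2>/dev/null
openssl req -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" \
    -subj "/CN=mail.example.test" 2>/dev/null
openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/leaf.pem" -days 1 2>/dev/null
cat "$d/leaf.pem" "$d/ca.pem" > "$d/good.pem"       # correct order
cat "$d/ca.pem" "$d/leaf.pem" > "$d/reversed.pem"   # appended in reverse
chain_order_ok "$d/good.pem" && echo "good.pem: order ok"
chain_order_ok "$d/reversed.pem" || echo "reversed.pem: rejected"
```

The check compares name hashes only; it does not validate signatures or expiry, which `openssl verify` covers.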
Workaround:
Read this post: http://www.zimbra.com/forums/administrators/13927-if-you-have-trouble-zimbra-5-0-read.html
Steps:
(a) Run as root: cd /opt/zimbra/ssl; mkdir bak; mv * bak
(b) Run this as zimbra:
(b1) To get the password: zmlocalconfig -s zimbra_ldap_password
(b2) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W
 dn: cn=config,cn=zimbra
 changetype:modify
 delete: zimbraCertAuthorityCertSelfSigned
 [Hit Enter Twice here]
 ^D
(b3) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W
 dn: cn=config,cn=zimbra
 changetype:modify
 delete: zimbraCertAuthorityKeySelfSigned
 [Hit Enter Twice here]
 ^D
(c) as root: run /opt/zimbra/bin/zmcertmgr createca
(d) as root: run /opt/zimbra/bin/zmcertmgr deployca
(e) as root: run /opt/zimbra/bin/zmcertmgr install self -new
(f) as root: su - zimbra -c "zmcontrol stop"; su - zimbra -c "zmcontrol start"
^D is Control-D
For Multi-Server: Run this on the system which is running postfix or an ldap replica
After doing the steps listed above on the ldap master, log into each of the other systems that run postfix or are an ldap replica and:
(a) Run as root: su - zimbra -c "zmcontrol stop"
(b) Run as root: cd /opt/zimbra/ssl; mkdir bak; mv * bak
(c) Run as root: run /opt/zimbra/bin/zmcertmgr createca
(This will download the new CA from the LDAP server)
(d) Run as root: run /opt/zimbra/bin/zmcertmgr deployca
(e) Run as root: su - zimbra -c "zmcontrol start"
References:
[ http://bugzilla.zimbra.com/show_bug.cgi?id=23253 ] - an expired CA cert will block mail delivery after upgrading to 5.0.0
Issue:
Cannot install a Commercial Certificate in Zimbra 5.0 [Bug 23294]
Symptom:
User is unable to install a commercial certificate in Zimbra 5.0
Common Cause:
Related to Bug [ http://bugzilla.zimbra.com/show_bug.cgi?id=23253 ]
Workaround:
Installing Cert via Command Line: [ http://bugzilla.zimbra.com/show_bug.cgi?id=23294 ] - commercial certs fail to install
References:
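Bug [ http://bugzilla.zimbra.com/show_bug.cgi?id=23294 ] - commercial certs fail to install
Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade! [ http://www.zimbra.com/forums/installation/13898-argh-commercial-certificates-after-4-10-5-0-foss-upgrade.html ]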