Problem with Certificate can cause MTA Failure
Revision as of 07:00, 2 January 2008
There are some issues in Zimbra 5.0 GA that you should know about.
Zimbra can install/upgrade and work under most circumstances; however, a small number of users are encountering some issues.
We wanted to post this thread to let you know about these, and help you work through any issue you have.
Issue:
Problem with Certificate can cause MTA Failure [Bug 23253]
Symptom:
When the MTA starts up, the following messages appear in the /var/log/zimbra.log file:
Error:
    postfix/trivial-rewrite[6172]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
    postfix/trivial-rewrite[19377]: fatal: ldap:/opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
    postfix/trivial-rewrite[19378]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
Then the MTA (postfix) will stop functioning, resulting in mail delivery failure (via lmtp and smtp).
Common Cause:
The CA chain can be appended in reverse order, creating an invalid certificate.
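As an added example (not from the Zimbra wiki or the linked bug reports), the shell functions below check a PEM bundle for the two certificate problems named on this page: a CA chain in the wrong order and an expired certificate. They assume openssl is on the PATH and that the correct order is each certificate followed by its issuer; the function names and the throwaway bundles built by make_sample_bundles are constructed for illustration.

```shell
# Added example (not Zimbra code). Assumption: a bundle lists each certificate
# before its issuer (server cert, then intermediate CAs, then root).

# Split PEM bundle $1 into $2/cert-N.pem and print how many were found.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }' "$1"
}

# Print the DN named by $2 ("subject" or "issuer") of certificate file $1.
cert_dn() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# Return 0 if every certificate in bundle $1 is unexpired and is followed by
# its issuer; otherwise print one line per problem and return 1.
check_bundle() {
    work=$(mktemp -d) || return 2
    count=$(split_bundle "$1" "$work")
    status=0
    [ "$count" -gt 0 ] || { echo "no certificates found in $1"; status=1; }
    i=1
    while [ "$i" -le "$count" ]; do
        cur="$work/cert-$i.pem"; next="$work/cert-$((i + 1)).pem"
        openssl x509 -in "$cur" -noout -checkend 0 >/dev/null ||
            { echo "cert $i has expired: $(cert_dn "$cur" subject)"; status=1; }
        if [ -f "$next" ] && [ "$(cert_dn "$cur" issuer)" != "$(cert_dn "$next" subject)" ]; then
            echo "cert $((i + 1)) is not the issuer of cert $i (chain out of order?)"; status=1
        fi
        i=$((i + 1))
    done
    rm -rf "$work"
    return "$status"
}

# Constructed sample data: build a throwaway leaf + CA pair in directory $1.
# good.pem is leaf-then-CA, reversed.pem is CA-then-leaf.
make_sample_bundles() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/leaf.pem" 2>/dev/null &&
    cat "$1/leaf.pem" "$1/ca.pem" > "$1/good.pem" &&
    cat "$1/ca.pem" "$1/leaf.pem" > "$1/reversed.pem"
}
```

The check compares issuer and subject names only; it does not verify signatures, so it detects ordering and expiry problems but is not a full chain validation.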
Workaround:
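Read this post: [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure (http://www.zimbra.com/forums/installation/13762-solved-expired-cert-5-0ga-can-cause-mail-delivery-failure.html)
Alternate: Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!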
Steps:
(a) Run as root: cd /opt/zimbra/ssl; mkdir bak; mv * bak
(b) Run this as zimbra:
(b1) To get the password: zmlocalconfig -s zimbra_ldap_password
(b2) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W
Code:
    dn: cn=config,cn=zimbra
    changetype: modify
    delete: zimbraCertAuthorityCertSelfSigned
    [Hit Enter Twice here]
    ^D
(b3) ldapmodify -x -h fqdn.server.tld -D "uid=zimbra,cn=admins,cn=zimbra" -W
Code:
    dn: cn=config,cn=zimbra
    changetype: modify
    delete: zimbraCertAuthorityKeySelfSigned
    [Hit Enter Twice here]
    ^D
(c) as root: run /opt/zimbra/bin/zmcertmgr createca
(d) as root: run /opt/zimbra/bin/zmcertmgr deployca
(e) as root: run /opt/zimbra/bin/zmcertmgr install self -new
(f) as root: su - zimbra -c "zmcontrol stop"; su - zimbra -c "zmcontrol start"
^D is Control-D
References:
[Bug 23253] - an expired CA cert will block mail delivery after upgrading to 5.0.0
Issue:
Cannot install a Commercial Certificate in Zimbra 5.0 [Bug 23294]
Symptom:
User is unable to install a commercial certificate in Zimbra 5.0
Common Cause:
Related to Bug [23253]
Workaround:
Installing Cert via Command Line: Bug [23294] - commercial certs fail to install
References:
Bug [23294] - commercial certs fail to install
Argh Commercial Certificates after a 4.10 -> 5.0 FOSS upgrade!