Friday, January 13, 2012

zimbra: error when ssl expired

*Thanks to eaperezh of the Zimbra forums for this fix.
(src: http://www.zimbra.com/forums/administrators/44241-solved-solved-zimbra-6-0-1-stop-working-if-ssl-certificate-expired.html)

The symptoms the users had:
a- no web interface at all
b- admin interface not available
c- Zimbra Desktop unable to connect

Running zmprov as the zimbra user failed with a certificate validation error:
# su - zimbra
# zmprov
ERROR: zclient.IO_ERROR (invoke sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed, server: localhost) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)

Single-Node Self-Signed Certificate
1. Begin by generating a new Certificate Authority (CA).
# sudo zmcertmgr createca -new 
2. Then generate a certificate signed by the CA that expires in 365 days.
# sudo zmcertmgr createcrt -new -days 3650 
3. Next deploy the certificate.
# sudo zmcertmgr deploycrt self 
4. Next deploy the CA.
# sudo zmcertmgr deployca 
5. To finish, verify the certificate was deployed to all the services.
# sudo zmcertmgr viewdeployedcrt  
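
Then, as root, import the CA certificate into the cacerts keystore of Zimbra's bundled Java:
# /opt/zimbra/java/bin/keytool -import -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/conf/ca/ca.pem

Finally, restart Zimbra as the zimbra user and confirm that zmprov connects again:
# su - zimbra
# zmcontrol stop
# zmcontrol start
# zmprov
prov>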
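
To catch the next expiry before the services stop, a certificate's remaining validity can be checked ahead of time. This is an added example, not part of the original post or of Zimbra's tooling; the function names cert_status and make_sample_cert, the 30-day threshold and the CN mail.example.test are assumptions, and the sample certificate is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): report how close a PEM
# certificate is to expiry, using openssl's -checkend.

# cert_status FILE [WARN_DAYS]
# Prints and returns: ok (0), expiring (1), expired (2), unreadable (3).
cert_status() {
    cert=$1
    warn_days=${2:-30}
    # Anything openssl cannot parse as X.509 is reported, not ignored.
    if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
        echo unreadable; return 3
    fi
    # -checkend N exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
        echo expired; return 2
    fi
    if ! openssl x509 -noout -checkend "$((warn_days * 86400))" \
            -in "$cert" >/dev/null 2>&1; then
        echo expiring; return 1
    fi
    echo ok
}

# Constructed sample input: a throwaway self-signed cert valid for DAYS.
# make_sample_cert OUTFILE DAYS
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=mail.example.test" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

tmp=$(mktemp -d)
make_sample_cert "$tmp/sample.pem" 10
echo "not a certificate" > "$tmp/junk.pem"

# Hypothetical list; on a real server pass the deployed certificate paths.
for f in "$tmp/sample.pem" "$tmp/junk.pem"; do
    status=$(cert_status "$f" 30) || true
    echo "$f: $status"
done
rm -rf "$tmp"
```

Run from cron against the deployed certificate files, a non-zero return can trigger a mail or monitoring alert while there is still time to renew.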
