*thanks to eaperezh of zimbra forums for this fix
(src: http://www.zimbra.com/forums/administrators/44241-solved-solved-zimbra-6-0-1-stop-working-if-ssl-certificate-expired.html)The symptoms the users had:
a- no web interface at all.
b- admin interface not available
c- zimbra desktop unable to connect
# su - zimbra
# zmprov
ERROR: zclient.IO_ERROR (invoke sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed, server: localhost) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
Single-Node Self-Signed Certificate
1. Begin by generating a new Certificate Authority (CA).
# sudo zmcertmgr createca -new
2. Then generate a certificate signed by the CA that expires in 365 days.
# sudo zmcertmgr createcrt -new -days 3650
3. Next deploy the certificate.
# sudo zmcertmgr deploycrt self
4. Next deploy the CA.
# sudo zmcertmgr deployca
5. To finish, verify the certificate was deployed to all the services.
# sudo zmcertmgr viewdeployedcrt
(as root)
# /opt/zimbra/java/bin/keytool -import -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/conf/ca/ca.pem
# su - zimbra
# zmcontrol stop
# zmcontrol start
# zmprov
prov>
No comments:
Post a Comment