ZIMBRA MAIL SERVER 7.2.0 CERTIFICATE RENEWAL
# Step 1 - move the existing CA files aside so a fresh CA can be generated.
# The mv commands use relative file names, so they only work from
# /opt/zimbra/ssl/zimbra/ca/ (the prompt keeps printing "~" after the cd).
# NOTE(review): ca.key.bak is the previous CA private key. mv keeps its
# permissions; do not copy it elsewhere, and remove it once the new
# certificates are confirmed working.
[root@mail ~]# cd /opt/zimbra/ssl/zimbra/ca/
[root@mail ~]# mv ca.csr ca.csr.bak
[root@mail ~]# mv ca.key ca.key.bak
[root@mail ~]# mv ca.srl ca.srl.bak
[root@mail ~]# mv ca.pem ca.pem.bak
[root@mail ~]# mv zmssl.cnf zmssl.cnf.bak
# Step 2 - create a new self-signed CA. The output shows a new config file
# (zmssl.cnf), a new CA private key (ca.key) and a new CA certificate (ca.pem).
# NOTE(review): because the CA key pair is regenerated, anything that was
# configured to trust the previous ca.pem will presumably need the new one -
# confirm on your clients and on any other hosts that talk to this server.
[root@mail ~]# cd /opt/zimbra/bin
[root@mail bin]# ./zmcertmgr createca -new
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
# Step 3 - create and sign a new server certificate valid for 365 days.
# NOTE(review): the output reports the server CSR being generated with
# "-keysize 1024". A 1024-bit key is too short by current standards; check the
# zmcertmgr usage text on your build for a key-size option and request at
# least 2048 bits.
# NOTE(review): two lines below end in "failed" ("Retrieving Commercial CA cert
# from ldap" and "Saving server config key zimbraSSLPrivateKey"). The page does
# not explain them. Both presumably depend on LDAP being reachable - check the
# ldap service and the zmcertmgr log output instead of ignoring them.
[root@mail bin]# ./zmcertmgr createcrt -new -days 365
Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20131107112827
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20131107112827
** Retrieving Commercial CA cert from ldap...failed.
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr... done.
** Saving server config key zimbraSSLPrivateKey...failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
# Step 4 - deploy the self-signed certificate to the services. The output
# shows the certificate and key installed for mta, slapd and proxy, a pkcs12
# file and a keystore created for mailboxd, and the CA installed to
# /opt/zimbra/conf/ca.
# NOTE(review): the two "Saving server config key ... failed" lines mean the
# certificate and private key were not saved to the server config. The page
# does not show the cause - investigate before relying on this deployment.
[root@mail bin]# ./zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
# Step 5 - verify what is deployed. All four services (mta, proxy, mailboxd,
# ldap) report the same certificate: valid from Nov 7 2013 to Nov 7 2014 (the
# 365 days requested), subject and issuer CN=mail.kopt.in, and an empty
# SubjectAltName.
# NOTE(review): modern TLS clients match host names against SubjectAltName
# rather than the CN, so an empty SubjectAltName may be rejected - add the
# host name as a SAN if your clients require it.
# NOTE(review): record the notAfter date and schedule the next renewal before
# it, so the certificate does not expire in production again.
[root@mail bin]# ./zmcertmgr viewdeployedcrt
::service mta::
notBefore=Nov 7 05:58:32 2013 GMT
notAfter=Nov 7 05:58:32 2014 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.kopt.in
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collabora tion Suite/CN=mail.kopt.in
SubjectAltName=
::service proxy::
notBefore=Nov 7 05:58:32 2013 GMT
notAfter=Nov 7 05:58:32 2014 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.kopt.in
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collabora tion Suite/CN=mail.kopt.in
SubjectAltName=
::service mailboxd::
notBefore=Nov 7 05:58:32 2013 GMT
notAfter=Nov 7 05:58:32 2014 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.kopt.in
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collabora tion Suite/CN=mail.kopt.in
SubjectAltName=
::service ldap::
notBefore=Nov 7 05:58:32 2013 GMT
notAfter=Nov 7 05:58:32 2014 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.kopt.in
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collabora tion Suite/CN=mail.kopt.in
SubjectAltName=
# Step 6 - deploy the CA certificate. The output shows ca.pem imported into
# CACERTS and copied to /opt/zimbra/conf/ca.
# NOTE(review): saving zimbraCertAuthorityCertSelfSigned and
# zimbraCertAuthorityKeySelfSigned to the global config failed here, and the
# page does not show why. This presumably matters when other servers read the
# CA from the global config - confirm for your setup before moving on.
[root@mail bin]# ./zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
** Copying CA to /opt/zimbra/conf/ca...done.
# Step 7 - stop and start all Zimbra services after the certificate change.
# NOTE(review): the start list is shorter than the stop list: cbpolicyd,
# archiving, imapproxy and memcached are stopped but do not appear under
# "Starting". Presumably those services are not enabled on this host - verify
# that every service you depend on is running after the restart, and that
# each TLS listener presents the new certificate.
[root@mail ~]# /etc/init.d/zimbra stop
Host mail.kopt.in
Stopping zmconfigd...Done.
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping cbpolicyd...Done.
Stopping archiving...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping imapproxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping ldap...Done.
[root@mail ~]# /etc/init.d/zimbra start
Host mail.kopt.in
Starting ldap...Done.
Starting zmconfigd...Done.
Starting logger...Done.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
[root@mail ~]#
# Set the existing CA files aside before regenerating the CA.
# NOTE(review): no cd is shown before these commands in this copy of the
# session, and the file names are relative - run them from
# /opt/zimbra/ssl/zimbra/ca/, otherwise mv will not find the files.
# NOTE(review): ca.key.bak is the previous CA private key; remove it once the
# new certificates are confirmed working.
[root@mail ~]# mv ca.csr ca.csr.bak
[root@mail ~]# mv ca.key ca.key.bak
[root@mail ~]# mv ca.srl ca.srl.bak
[root@mail ~]# mv ca.pem ca.pem.bak
[root@mail ~]# mv zmssl.cnf zmssl.cnf.bak
# Generate a new self-signed CA: the output lists a new zmssl.cnf, a new CA
# private key (ca.key) and a new CA certificate (ca.pem).
# NOTE(review): a new CA key pair presumably means every client that trusted
# the old ca.pem has to be given the new one - confirm.
[root@mail ~]# cd /opt/zimbra/bin
[root@mail bin]# ./zmcertmgr createca -new
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
# Create and sign a new server certificate with a 365-day validity.
# NOTE(review): the CSR is generated with "-keysize 1024" according to the
# output; a 1024-bit key is too short by current standards. Check the
# zmcertmgr usage text for a key-size option and use at least 2048 bits.
# NOTE(review): "Retrieving Commercial CA cert from ldap" and "Saving server
# config key zimbraSSLPrivateKey" both report "failed" and the page gives no
# reason. Find the cause (presumably LDAP access) before continuing.
[root@mail bin]# ./zmcertmgr createcrt -new -days 365
Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20131107112827
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20131107112827
** Retrieving Commercial CA cert from ldap...failed.
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr... done.
** Saving server config key zimbraSSLPrivateKey...failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
# Deploy the self-signed certificate: installed for mta, slapd and proxy,
# with a pkcs12 file and a keystore created for mailboxd.
# NOTE(review): zimbraSSLCertificate and zimbraSSLPrivateKey were not saved to
# the server config ("failed"); the cause is not shown on the page and should
# be investigated rather than ignored.
[root@mail bin]# ./zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate...failed.
** Saving server config key zimbraSSLPrivateKey...failed.
** Installing mta certificate and key...done.
** Installing slapd certificate and key...done.
** Installing proxy certificate and key...done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.
** Installing CA to /opt/zimbra/conf/ca...done.
# Check the deployed certificates. mta, proxy, mailboxd and ldap all show the
# same validity window (Nov 7 2013 - Nov 7 2014), CN=mail.kopt.in as both
# subject and issuer CN, and an empty SubjectAltName.
# NOTE(review): clients that match host names against SubjectAltName only may
# reject a certificate without one - add a SAN if your clients need it, and
# plan the next renewal ahead of the notAfter date.
[root@mail bin]# ./zmcertmgr viewdeployedcrt
::service mta::
notBefore=Nov 7 05:58:32 2013 GMT
notAfter=Nov 7 05:58:32 2014 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.kopt.in
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collabora tion Suite/CN=mail.kopt.in
SubjectAltName=
::service proxy::
notBefore=Nov 7 05:58:32 2013 GMT
notAfter=Nov 7 05:58:32 2014 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.kopt.in
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collabora tion Suite/CN=mail.kopt.in
SubjectAltName=
::service mailboxd::
notBefore=Nov 7 05:58:32 2013 GMT
notAfter=Nov 7 05:58:32 2014 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.kopt.in
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collabora tion Suite/CN=mail.kopt.in
SubjectAltName=
::service ldap::
notBefore=Nov 7 05:58:32 2013 GMT
notAfter=Nov 7 05:58:32 2014 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.kopt.in
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collabora tion Suite/CN=mail.kopt.in
SubjectAltName=
# Deploy the CA certificate: ca.pem is imported into CACERTS and copied to
# /opt/zimbra/conf/ca.
# NOTE(review): both "Saving global config key ..." lines report "failed" with
# no reason given on the page; confirm whether your setup depends on the CA
# being stored in the global config.
[root@mail bin]# ./zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
** Copying CA to /opt/zimbra/conf/ca...done.
# Restart all Zimbra services after the certificate change.
# NOTE(review): cbpolicyd, archiving, imapproxy and memcached appear under
# "Stopping" but not under "Starting". Presumably they are not enabled on this
# host - check service status after the restart and confirm each TLS listener
# serves the new certificate.
[root@mail ~]# /etc/init.d/zimbra stop
Host mail.kopt.in
Stopping zmconfigd...Done.
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping cbpolicyd...Done.
Stopping archiving...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping imapproxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping ldap...Done.
[root@mail ~]# /etc/init.d/zimbra start
Host mail.kopt.in
Starting ldap...Done.
Starting zmconfigd...Done.
Starting logger...Done.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
[root@mail ~]#
Hello,
Thanks for this tip, but it is not really as easy as this article shows. In my case I still get an error on service start (after following the article):
--------------------------------
Host zimbra.company.com
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd...Done.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: unable to lookup server by name: zimbra.company.com message: [LDAP: error code 49 - Invalid Credentials]) (cause: javax.naming.AuthenticationException [LDAP: error code 49 - Invalid Credentials])
zimbra logger service is not enabled! failed.
--------------------------------
Any idea to solve this error ?
NB: Sorry, I'm bad in english...
zimbra.company.com exists in my /etc/hosts file and is the name of my server.
--------------------------------
127.0.0.1 localhost.localdomain localhost
192.168.2.252 zimbra.company.com
--------------------------------
192.168.2.252 ==> is the IP of the server network card.