SOLVED: Zimbra 6.0.1 stop working if SSL certificate is expired
http://www.zimbra.com/forums/administrators/44241-solved-solved-zimbra-6-0-1-stop-working-if-ssl-certificate-expired.html
Entrar con putty o con Vshpere Client a la consola de RedHAT, ingresar como root y el password correspondiente
Para ver la fecha de expiración de tus certificados:
[root@mail ~]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
Primero que todo revisa la hora y la fecha del servidor para que sea la apropiada, si no es correcta corríjela con el comando:
[root@mail ~]# date
Thu Feb 9 16:06:09 ECT 2012
The date command also can be used to set the time and date. To set the time manually, do this:
# date -s "16:15:00"
Fri Mar 28 16:15:00 CST 2003
If you also need to adjust the date, and not just the time, you can do it like this:
# date -s "16:55:30 July 7, 1986"
Mon Jul 7 16:55:30 PDT 1986
There is also another way to set the date and time, which is not very pretty:
# date 033121422003.55
Mon Mar 31 21:42:55 PST 2003
The above command does not use the -s option, and the fields are arranged like this: MMDDhhmmCCYY.ss
where MM = month, DD = day, hh = hour, mm = minute, CCYY = 4 digit year, and ss = seconds.
Si tu fecha y hora es correcta tienes un problema de la CA (Certification Authority)y los certificados de los servicios expirados
Pasos para la versión 7:
- El mensaje exacto del error se presenta después de intentar iniciar el servicio
[root@mail ~]# su -- zimbra
[zimbra@mail /]$ zmcontrol start
Starting ldap ... Done.
Unable to determine enabled services for ldap. Enabled services read from cache. Service List may be inaccurate.
Starting zmconfigd ... Done.
Starting logger ... Failed
Starting logswatch...ERROR: service failure (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed)
zimbra logger service is not enabled! failed.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting mta...Done.
Starting stats...Done.
[zimbra@mail /]$ exit
Saca un Backup antes de intentar este procedimiento
[root@mail ~]# /opt/zimbra/bin/zmcertmgr createca -new
[root@mail ~]# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
[root@mail ~]# /opt/zimbra/bin/zmcertmgr deploycrt self
[root@mail ~]# /opt/zimbra/bin/zmcertmgr deployca
[root@mail ~]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
[root@mail ~]# /opt/zimbra/java/bin/keytool -delete -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
[root@mail ~]# /opt/zimbra/java/bin/keytool -import -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/conf/ca/ca.pem
Aquí yo recomiendo reiniciar, caso contrario
[root@mail ~]# su -- zimbra
[zimbra@mail /]$ zmcontrol start
Saludos
BADBOY
http://www.zimbra.com/forums/administrators/44241-solved-solved-zimbra-6-0-1-stop-working-if-ssl-certificate-expired.html
Entrar con putty o con Vshpere Client a la consola de RedHAT, ingresar como root y el password correspondiente
Para ver la fecha de expiración de tus certificados:
[root@mail ~]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
Primero que todo revisa la hora y la fecha del servidor para que sea la apropiada, si no es correcta corríjela con el comando:
[root@mail ~]# date
Thu Feb 9 16:06:09 ECT 2012
The date command also can be used to set the time and date. To set the time manually, do this:
# date -s "16:15:00"
Fri Mar 28 16:15:00 CST 2003
If you also need to adjust the date, and not just the time, you can do it like this:
# date -s "16:55:30 July 7, 1986"
Mon Jul 7 16:55:30 PDT 1986
There is also another way to set the date and time, which is not very pretty:
# date 033121422003.55
Mon Mar 31 21:42:55 PST 2003
The above command does not use the -s option, and the fields are arranged like this: MMDDhhmmCCYY.ss
where MM = month, DD = day, hh = hour, mm = minute, CCYY = 4 digit year, and ss = seconds.
Si tu fecha y hora es correcta tienes un problema de la CA (Certification Authority)y los certificados de los servicios expirados
Pasos para la versión 7:
- El mensaje exacto del error se presenta después de intentar iniciar el servicio
[root@mail ~]# su -- zimbra
[zimbra@mail /]$ zmcontrol start
Starting ldap ... Done.
Unable to determine enabled services for ldap. Enabled services read from cache. Service List may be inaccurate.
Starting zmconfigd ... Done.
Starting logger ... Failed
Starting logswatch...ERROR: service failure (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed)
zimbra logger service is not enabled! failed.
Starting mailbox...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting mta...Done.
Starting stats...Done.
[zimbra@mail /]$ exit
Saca un Backup antes de intentar este procedimiento
[root@mail ~]# /opt/zimbra/bin/zmcertmgr createca -new
[root@mail ~]# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
[root@mail ~]# /opt/zimbra/bin/zmcertmgr deploycrt self
[root@mail ~]# /opt/zimbra/bin/zmcertmgr deployca
[root@mail ~]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
[root@mail ~]# /opt/zimbra/java/bin/keytool -delete -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
[root@mail ~]# /opt/zimbra/java/bin/keytool -import -alias root -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit -file /opt/zimbra/conf/ca/ca.pem
Aquí yo recomiendo reiniciar, caso contrario
[root@mail ~]# su -- zimbra
[zimbra@mail /]$ zmcontrol start
Saludos
BADBOY
uta madre que inteligente mano me quito el sombrero me salvaste de un gran problema jejejeje gracias man!!! te agradesco mucho!
ResponderEliminarEs mi ayuda a memoria este blog. Qué bueno que te haya servido
EliminarHola, envia este error al generar el certificado y no me funciona el procedimiento:
ResponderEliminarRetrieving Commercial CA cert from ldap...failed
/opt/zimbra/bin/zmcertmgr createcrt -new -days 365
Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130831174702
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130831174702
** Retrieving Commercial CA cert from ldap...failed.
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.
** Saving server config key zimbraSSLPrivateKey...failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.