Document Actions
Cert problems
How to solve the certificate problem resulting in no email received.
This seems to be primarily an issue with not recognizing the platform during upgrade or install. Use the get_plat_tag.sh script to see if the platform is recognize. If not you may need to edit /etc/SuSE-release to match what is expected in the get_plat_tag.sh script.
How to get rid of cert in ldap.
Save the old Certs
root@# cd /opt/zimbra/ssl; mkdir bak; mv * bak
determine ldap password
zimbra@# zmlocalconfig -s zimbra_ldap_password
Delete ldap cert
The following is NOT one long line.zimbra@# ldapmodify -x -h FQDN -D "uid=zimbra,cn=admins,cn=zimbra" -W
dn: cn=config,cn=zimbra
changetype:modify
delete: zimbraCertAuthorityCertSelfSigned
delete: zimbraCertAuthorityKeySelfSigned
^d
FQDN above is the full domain name of the zimbra host. Example: mail.domain.com
Create and deploy cert
root@# /opt/zimbra/bin/zmcertmgr createcaNote, you can run #bash -x ~/bin/zmcertmgr above to have it display the commands being executed.
root@# /opt/zimbra/bin/zmcertmgr deployca
root@# /opt/zimbra/bin/zmcertmgr install self -new
Check there are not old Tomcat certs
zimbra@# keytool -list -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
Delete tomcat cert if it exists
zimbra@# keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password`
Restart zimbra
#su zimbra
zimbra@# zmcontrol stop
zimbra@# zmcontrol start
see also:
-
Fix Zimbra Logger
- Fixing zimbra logger on the SuSE platform after an upgrade.
