Cenário:
Tento logar no webmail e o servidor retorna erro de rede, não concedendo acesso aos emails pessoais.
Primeiro verificamos o servidor:
root@root~# su - zimbra
zimbra@root# zmcontrol start
(isso irá mostrar que alguns serviços estão parados).
Host correio.meudominio.com.br
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed)
zimbra logger service is not enabled! failed.
volte para root com o CTRL + D , então verificaremos a validade do certificado:
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
Que retornará coisas do tipo:
::service mta::
notBefore=Apr 22 23:04:27 2010 GMT
notAfter=Apr 22 23:04:27 2011 GMT
Pra resolver o problema faça o seguinte:
[root@correio ~]# /opt/zimbra/bin/zmcertmgr createca -new
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf…done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key…done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem…done.
[root@correio ~]# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20110423104040
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20110423104040
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.
** Saving server config key zimbraSSLPrivateKey…failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.
[root@correio ~]# /opt/zimbra/bin/zmcertmgr deploycrt self
** Saving server config key zimbraSSLCertificate…failed.
** Saving server config key zimbraSSLPrivateKey…failed.
** Installing mta certificate and key…done.
** Installing slapd certificate and key…done.
** Installing proxy certificate and key…done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore…done.
** Installing CA to /opt/zimbra/conf/ca…done.
[root@correio ~]# /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS…done.
** Saving global config key zimbraCertAuthorityCertSelfSigned…failed.
** Saving global config key zimbraCertAuthorityKeySelfSigned…failed.
** Copying CA to /opt/zimbra/conf/ca…done.
[root@correio ~]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt
::service mta::
notBefore=Apr 23 13:40:45 2011 GMT
notAfter=Apr 22 13:40:45 2012 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=correio.meudominio.org.br
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=correio.meudominio.org.br
SubjectAltName=
::service proxy::
notBefore=Apr 23 13:40:45 2011 GMT
notAfter=Apr 22 13:40:45 2012 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=correio.meudominio.org.br
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=correio.meudominio.org.br
SubjectAltName=
::service mailboxd::
notBefore=Apr 23 13:40:45 2011 GMT
notAfter=Apr 22 13:40:45 2012 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=correio.meudominio.org.br
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=correio.meudominio.org.br
SubjectAltName=
::service ldap::
notBefore=Apr 23 13:40:45 2011 GMT
notAfter=Apr 22 13:40:45 2012 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=correio.meudominio.org.br
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=correio.meudominio.org.br
SubjectAltName=
depois:
root@root~# su -zimbra
zimbra@root# zimbra@root# zmcontrol stop
zimbra@root# zimbra@root# zmcontrol start
Nenhum comentário:
Postar um comentário
Comente ai!!!!