Renew Certificate or Create New Certificate from Zimbra CLI

The license for one of our clients expired, and its current status is in the grace period.

The accident happened when the server was forced to shut down due to an electrical problem. When the server came back up, the email server was still down. I tried to start the service manually.

$ zmcontrol start
Host mail.yourdomain.com
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn’t exist.

Further investigation pointed to an expired certificate, so I had to renew it.

Here are the steps:

# su - zimbra
$ /opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr must be run as user root
$ exit
logout

Hohoho, the command must be run by root.

Begin by generating a new Certificate Authority (CA).

# /opt/zimbra/bin/zmcertmgr createca -new

** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf…done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key…done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem…done.

Then generate a certificate signed by the CA that expires in 365 days.

# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365

Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101009200401
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101009200401
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.
** Saving server config key zimbraSSLPrivateKey…failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.

Next deploy the certificate.

# /opt/zimbra/bin/zmcertmgr deploycrt self

** Saving server config key zimbraSSLCertificate…done.
** Saving server config key zimbraSSLPrivateKey…done.
** Installing mta certificate and key…done.
** Installing slapd certificate and key…done.
** Installing proxy certificate and key…done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore…done.
** Installing CA to /opt/zimbra/conf/ca…done.

Next, deploy the CA.

# /opt/zimbra/bin/zmcertmgr deployca

** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS…done.
** Saving global config key zimbraCertAuthorityCertSelfSigned…done.
** Saving global config key zimbraCertAuthorityKeySelfSigned…done.
** Copying CA to /opt/zimbra/conf/ca…done.

To finish, verify the certificate was deployed to all the services.

# /opt/zimbra/bin/zmcertmgr viewdeployedcrt

::service mta::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
SubjectAltName=
::service proxy::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
SubjectAltName=
::service mailboxd::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
SubjectAltName=
::service ldap::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
SubjectAltName=
#

done.
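
Added example (not part of the original post): a small checker that parses the viewdeployedcrt output format shown above and reports any service whose certificate is missing, expired, or close to expiry, so the next expiration is caught before the services refuse to start. The function names, the 30-day warning window and the sample text are assumptions made for this example; the service names are the four that appear in the output above.

```python
import re
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample in the format printed by `zmcertmgr viewdeployedcrt`.
SAMPLE = """\
::service mta::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/CN=mail.yourdomain.com
::service ldap::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Sep  1 00:00:00 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/CN=mail.yourdomain.com
"""

DATE_FMT = "%b %d %H:%M:%S %Y GMT"  # openssl-style date, always in GMT


def parse_deployed(text):
    """Return {service: {'notBefore': dt, 'notAfter': dt}} from the output."""
    certs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"::service (\S+)::", line)
        if m:
            current = certs.setdefault(m.group(1), {})
            continue
        m = re.match(r"(notBefore|notAfter)=(.+)", line)
        if m and current is not None:
            dt = datetime.strptime(m.group(2).strip(), DATE_FMT)
            current[m.group(1)] = dt.replace(tzinfo=timezone.utc)
    return certs


def check(certs, now, warn_days=30,
          expected=("mta", "proxy", "mailboxd", "ldap")):
    """Return (service, status) pairs needing attention, in `expected` order."""
    findings = []
    for svc in expected:
        not_after = certs.get(svc, {}).get("notAfter")
        if not_after is None:
            findings.append((svc, "missing"))       # service has no deployed cert
        elif not_after <= now:
            findings.append((svc, "expired"))
        elif not_after - now <= timedelta(days=warn_days):
            findings.append((svc, "expires in %d days" % (not_after - now).days))
    return findings


if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for svc, status in check(parse_deployed(text), datetime.now(timezone.utc)):
        print("%s: %s" % (svc, status))
```

Pipe the real output of /opt/zimbra/bin/zmcertmgr viewdeployedcrt into the script (for example from a daily cron job); when run without piped input it falls back to the constructed sample.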

Try starting the service:

~$ zmcontrol start
Host mail.yourdomain.com
Starting ldap…Done.
Starting logger…Done.
Starting convertd…Done.
Starting mailbox…Done.
Starting antispam…Done.
Starting antivirus…Done.
Starting snmp…Done.
Starting spell…Done.
Starting mta…Done.
Starting stats…Done.
$
