SSL Expirado Zimbra

De Slacam_Wiki
Ir para: navegação, pesquisa

Zimbra OSE Error: Unable to determine enabled services. Cache is out of date or doesn’t exist. Posted on 27/12/2012

Case: Suddenly the mail server can’t receive and send email. No changes in configuration and settings. After checking the mail status by zmcontrol status command. [zimbra@mail log]$ zmcontrol status Unable to determine enabled services from ldap. Unable to determine enabled services. Cache is out of date or doesn’t exist.

Possible Solutions:

1. Timezone for your zimbra whether system timezone and zimbra timezone it matches or not if not then log to zimbra and run “tzselect” and find your correct timezone and make timezone entry in “.bash_profile”.

2. DNS – check whether your DNS configuration is correct. use - dig domain.com dig domain.com mx dig domain.com any

host domain.com

3. make sure /etc/resolv.conf entry is correct, make sure your “/etc/hosts” Entry is correct. Make sure disabled SeLinux, make sure you set correct permission to zimbra directory if not then run below command to fix permission issue -

\# chown -R zimbra:zimbra /opt/zimbra

\# /opt/zimbra/libexec/zmfixperms -verbose

4. If you are using self signed certificate then run below command \# zmlocalconfig -s ssl_allow_untrusted_certs

\# If that returns false, please run:

\# zmlocalconfig -e ssl_allow_untrusted_certs=true

5. Now Try creating certificate, just follow the below Instructions:

  1. su – zimbra -c ‘zmcontrol stop’
  1. rm -rf /opt/zimbra/ssl/*
  1. rm -rf /opt/zimbra/ssl/.rnd
  1. /opt/zimbra/java/bin/keytool -delete -alias my_ca -keystore /opt/zimbra/java/jre/lib/security/cacerts -storepass changeit
  1. /opt/zimbra/java/bin/keytool -delete -alias jetty -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `su – zimbra -c ‘zmlocalconfig -s -m nokey mailboxd_keystore_password’`
  1. vi /opt/zimbra/bin/zmcertmgr
  1. Find line
  2. SUBJECT=”/C=US/ST=N\/A/L=N\/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=${zimbra_server_hostname}”
  3. and change to your company name
  1. then find and change you want value days expire cert validation_days=365 to validation_days=3650
  2. save /opt/zimbra/bin/zmcertmgr
  1. /opt/zimbra/bin/zmcertmgr createca -new
  1. /opt/zimbra/bin/zmcertmgr deployca -localonly
  1. /opt/zimbra/bin/zmcertmgr createcrt self -new

May be you will receive some Failed but ignore them,

  1. /opt/zimbra/bin/zmcertmgr deploycrt self

Here also

  1. su – zimbra -c ‘zmcontrol start’

It should start services successfully.

  1. /opt/zimbra/bin/zmcertmgr deploycrt self
  1. /opt/zimbra/bin/zmcertmgr deployca

Everything would be perfect here.

  1. su – zimbra -c ‘zmupdateauthkeys’
  1. /opt/zimbra/bin/zmcertmgr viewdeployedcrt

Disponível em "http://wiki.slacam.com.br/index.php?title=SSL_Expirado_Zimbra&oldid=762"