Skip to content

Wiki do Mário

O meu Blog pessoal

Menu
  • Cookie policy
  • index
  • Qual o meu IP
  • Recuperar a Password BIOS
  • Sample Page
Menu

Zimbra Failing to Start

Posted on Setembro 13, 2018 by tech

Unable to start TLS: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master.

Um cliente ligou a informar que tinha ficado com o serviço de email parado.
Ao arrancar com o serviço de email

zmcontrol restart

o resultado foi

Host mail.dominio.xpto
        Stopping vmware-ha...Done.
        Stopping zmconfigd...Done.
        Stopping zimlet webapp...Done.
        Stopping zimbraAdmin webapp...Done.
        Stopping zimbra webapp...Done.
        Stopping service webapp...Done.
        Stopping stats...Done.
        Stopping mta...Done.
        Stopping spell...Done.
        Stopping snmp...Done.
        Stopping cbpolicyd...Done.
        Stopping archiving...Done.
        Stopping opendkim...Done.
        Stopping amavis...Done.
        Stopping antivirus...Done.
        Stopping antispam...Done.
        Stopping proxy...Done.
        Stopping memcached...Done.
        Stopping mailbox...Done.
        Stopping convertd...Done.
        Stopping logger...Done.
        Stopping dnscache...Done.
        Stopping ldap...Done.
Host mail.host.xpto
        Starting ldap...Done.
Unable to start TLS: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master.

O que indicou que o problema estava no certificado auto-assinado já expirado. Pode verificar com o comando:

/opt/zimbra/bin/zmcertmgr  viewdeployedcrt all |grep notAfter

Resolução

/opt/zimbra/bin/zmcertmgr createca -new
        ** Recreating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf
        ** Using CA private key in '/opt/zimbra/ssl/zimbra/ca/ca.key'
        ** Creating CA with existing private key /opt/zimbra/ssl/zimbra/ca/ca.key
/opt/zimbra/bin/zmcertmgr createcrt -new -days 1095
        ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20180913144020
        ** Recreating /opt/zimbra/conf/zmssl.cnf
        ** Generating a server CSR of type 'self' for download
        ** Using CA cert in '/opt/zimbra/ssl/zimbra/ca/ca.pem'
        ** Using CA private key in '/opt/zimbra/ssl/zimbra/ca/ca.key'
        ** Using Commercial CA cert in '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
        ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr with keysize=2048 digest=sha256
        ** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.dominio.xpto...ok
        ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr
/opt/zimbra/bin/zmcertmgr deploycrt self
        ** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.dominio.xpto...ok
        ** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.dominio.xpto...ok
        ** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
        ** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/imapd.crt'
        ** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/imapd.key'
        ** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
        ** Creating keystore '/opt/zimbra/conf/imapd.keystore'
        ** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
        ** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/slapd.crt'
        ** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/slapd.key'
        ** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
        ** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
        ** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
        ** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/smtpd.crt'
        ** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/smtpd.key'
        ** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
        ** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/nginx.crt'
        ** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/nginx.key'
        ** NOTE: restart services to use the new certificates.
        ** Cleaning up 7 files from '/opt/zimbra/conf/ca'
        ** Removing /opt/zimbra/conf/ca/commercial_ca_1.crt
        ** Removing /opt/zimbra/conf/ca/2e5ac55d.0
        ** Removing /opt/zimbra/conf/ca/commercial_ca_2.crt
        ** Removing /opt/zimbra/conf/ca/6328b5aa.0
        ** Removing /opt/zimbra/conf/ca/ca.key
        ** Removing /opt/zimbra/conf/ca/4f06f81d.0
        ** Removing /opt/zimbra/conf/ca/ca.pem
        ** Copying CA to /opt/zimbra/conf/ca
        ** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
        ** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
        ** Creating CA hash symlink '6328b5aa.0' -> 'ca.pem'
        ** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
        ** Creating CA hash symlink '4f06f81d.0' -> 'commercial_ca_1.crt'
        ** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
        ** Creating CA hash symlink '2e5ac55d.0' -> 'commercial_ca_2.crt'
/opt/zimbra/bin/zmcertmgr deployca
        ** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...ok
        ** Saving config key 'zimbraCertAuthorityKeySelfSigned' via zmprov modifyConfig...ok
        ** Importing cert '/opt/zimbra/ssl/zimbra/ca/ca.pem' as 'my_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
        ** NOTE: restart mailboxd to use the imported certificate.
        ** Cleaning up 7 files from '/opt/zimbra/conf/ca'
        ** Removing /opt/zimbra/conf/ca/commercial_ca_1.crt
        ** Removing /opt/zimbra/conf/ca/2e5ac55d.0
        ** Removing /opt/zimbra/conf/ca/commercial_ca_2.crt
        ** Removing /opt/zimbra/conf/ca/6328b5aa.0
        ** Removing /opt/zimbra/conf/ca/ca.key
        ** Removing /opt/zimbra/conf/ca/4f06f81d.0
        ** Removing /opt/zimbra/conf/ca/ca.pem
        ** Copying CA to /opt/zimbra/conf/ca
        ** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
        ** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
        ** Creating CA hash symlink '6328b5aa.0' -> 'ca.pem'
        ** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
        ** Creating CA hash symlink '4f06f81d.0' -> 'commercial_ca_1.crt'
        ** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
        ** Creating CA hash symlink '2e5ac55d.0' -> 'commercial_ca_2.crt'

Espero ter ajudado.

Deixe uma resposta Cancelar resposta

O seu endereço de email não será publicado. Campos obrigatórios marcados com *

Suporte




10 AD antispam at bash BAT Brave Bypass Stateful Firewall CALs certificado Chrome CLAM Clamd Cli cmd cmd kill service crtboot Crypto Desempenho Device CAL directory Dns DNSMASQ DS4300 EFA EFA project ei.cfg email Emulex ESXI esxupdate error codes IP mta Network password postfix shell Ubuntu UBUNTU 16.04 ubuntu 18.04 Upgrade VMWARE windows Windows Server zimbra

  • Fevereiro 2020
  • Junho 2019
  • Maio 2019
  • Abril 2019
  • Dezembro 2018
  • Novembro 2018
  • Outubro 2018
  • Setembro 2018
  • Junho 2018
  • Maio 2018
  • Março 2018
  • Janeiro 2018
  • Dezembro 2017
  • Outubro 2017
  • Agosto 2017
  • Julho 2017



© 2023 Wiki do Mário | Powered by Superbs Personal Blog theme