Notifications
Clear all
Zimbra Build by Zextras - no Zextras support guaranteed
1
Posts
1
Users
0
Reactions
585
Views
Topic starter
03/02/2024 18:13
We use a shell script to install and update a LetsEncrypt SSL certificate on our Zimbra 9 (Zextras) installation.
On the last renewal, we got this error:
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1): pkcs12: Unrecognized flag propquery
I found this similar post in this forum: https://community.zextras.com/forum/zimbra-ose-howto/error-openssl-pkcs12-export-to-opt-zimbra-ssl-zimbra-jetty-pkcs12-failed1/
I found the same solution seems to fix the problem I was having.
As zimbra user, edit /opt/zimbra/bin/zmcertmgr line 1817 and line 1878. On both lines, modify the @out array, like this:
@out = $self->run( $self->Openssl, "pkcs12", "-inkey", $keyf, "-in", $crtf, "-name", $server, "-export", "-out", $pkcsf, "-passout", "pass:$kpass", "-nomac", "2>&1" );
I don't know if this is correct, but it seems to work for me.
I think this issue was caused by an upstream change to use a new version of openssl. You can check yours with:
su - zimbra openssl version OpenSSL 1.1.1t FIPS 7 Feb 2023
FYI only...
G