10/18/2023 16:35
@trigg3r scroll up a bit... there are many messages showing the right lines you have to change... please read the previous posts.
10/18/2023 16:50
Hi, solved with this: https://github.com/Zimbra/zm-core-utils/pull/137
adding "-propquery", "-fips" (not "- ")
Thank you!
04/18/2024 14:10
Hi,
I have a similar problem, but my error is different. I am trying to distribute a commercial certificate. If I do the check, the result is OK.
I already tried changing the properties to "-nomac" or "-propquery", "-fips".
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
** Verifying '/tmp/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/tmp/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/tmp/commercial.crt' against '/tmp/ca_chain.crt'
Valid certificate chain: /tmp/commercial.crt: OK
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
** Fixing newlines in '/tmp/ca_chain.crt'
Can't rename /tmp/ca_chain.crt to /tmp/ca_chain.crt.bak: Operation not permitted, skipping file at /opt/zimbra/bin/zmcertmgr line 1239.
** Verifying '/tmp/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/tmp/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/tmp/commercial.crt' against '/tmp/ca_chain.crt'
Valid certificate chain: /tmp/commercial.crt: OK
** Copying '/tmp/commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying '/tmp/ca_chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain '/tmp/ca_chain.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.xxx.it...ERROR: account.INVALID_ATTR_VALUE (invalid attr value: invalid attr value - unable to modify attributes: ldap host=mail.xxx.it:389: zimbraSSLCertificate: value #0 invalid per syntax) (cause: com.zimbra.cs.ldap.LdapException$LdapInvalidAttrValueException invalid attr value - unable to modify attributes: ldap host=mail.xxx.it:389: zimbraSSLCertificate: value #0 invalid per syntax) failed (rc=2)
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1):
No cert in -in file '/opt/zimbra/conf/imapd.crt' matches private key
8003D8AF467F0000:error:05800074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:405:
8003D8AF467F0000:error:05800074:x509 certificate routines:X509_check_private_key:key values mismatch:crypto/x509/x509_cmp.c:405:
This post was modified 1 week ago 2 times by Nico35
04/18/2024 15:37
I resolved it: the commercial certificate was not in the format required by Zimbra.