Generate kembali sertifikat zimbra yang expire - BOOKC -->

Generate kembali sertifikat zimbra yang expire

Saturday, September 22, 2018

Pas mau liat status zimbra tiba-tiba error begini :
root@mail:~# /etc/init.d/zimbra status
Unable to start TLS: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master.
Cannot determine services - exiting
Ternyata ssl nya sudah expired, solusinya generate baru:
-----------------
1. Begin by generating a new Certificate Authority (CA).
This step is optional and not required everytime you renew the self signed certificate.
/opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr deployca
2. Then generate a certificate signed by the CA that expires in 365 days with either wildcard or subject altnames.
/opt/zimbra/bin/zmcertmgr createcrt -new -days 365
3. Next, deploy the certificate.
/opt/zimbra/bin/zmcertmgr deploycrt self 
4. To finish, verify the certificate was deployed.
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
5. Restart zmcontrol to take the changes in effect.
su - zimbra zmcontrol restart
Sumber : https://wiki.zimbra.com/wiki/Regenerate_Self-Signed_SSL_Certificate_-_Single-Server