Deploying SSL Certificate Error: imapd keytool(-delete -alias jetty) returned non-zero(1):

Ask questions about your setup or get help installing ZCS server (ZD section below).
Post Reply
agelmi
Posts: 3
Joined: Wed Nov 28, 2018 12:36 am

Deploying SSL Certificate Error: imapd keytool(-delete -alias jetty) returned non-zero(1):

Post by agelmi »

Hi. I'm trying to deploy a positive ssl certificate using command line. All seems fine but i get a particular error related to
imapd keytool(-delete -alias jetty) returned non-zero(1):

I didn't find any post regarding this precise error.

Please can someone point me in the right direction?
Thank you

Code: Select all

  zimbra@mailserver:~/ssl$ /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/commercial_ca.crt 
** Fixing newlines in '/tmp/commercial.crt'
Can't rename /tmp/commercial.crt to /tmp/commercial.crt.bak: Operation not permitted, skipping file at /opt/zimbra/bin/zmcertmgr line 1239.
** Verifying '/tmp/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/tmp/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/tmp/commercial.crt' against '/tmp/commercial_ca.crt'
Valid certificate chain: /tmp/commercial.crt: OK
** Copying '/tmp/commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying '/tmp/commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain '/tmp/commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mailserver.salumilorenzi.it...ok
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mailserver.salumilorenzi.it...ok
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
ERROR: imapd keytool(-delete -alias jetty) returned non-zero(1):
Errore keytool: java.lang.Exception: L'alias <jetty> non esiste
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1):
unable to load certificates
139689216960152:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:815:
Top
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:
Contact DualBoot

Re: Deploying SSL Certificate Error: imapd keytool(-delete -alias jetty) returned non-zero(1):

Post by DualBoot »

Hello,

which version of Zimbra ?
It seems that your commercial.crt has some problems too.

Regards,
Top
agelmi
Posts: 3
Joined: Wed Nov 28, 2018 12:36 am

Re: Deploying SSL Certificate Error: imapd keytool(-delete -alias jetty) returned non-zero(1):

Post by agelmi »

Thank you. It's 8.8
You were right. I've fixed ownership on '/tmp/commercial.crt' and now outputs as follow...
It's seems that it went further. There is still that "Error keytool: java.lang.Exception:" so tomorrow
I'll make a snapshot with vmware and I'll restart zimbra service to test it.
I'll report it here
Thank you

** Fixing newlines in '/tmp/commercial.crt'
** Verifying '/tmp/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/tmp/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/tmp/commercial.crt' against '/tmp/commercial_ca.crt'
Valid certificate chain: /tmp/commercial.crt: OK
** Copying '/tmp/commercial.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying '/tmp/commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain '/tmp/commercial_ca.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mailserver.salumilorenzi.it...ok
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mailserver.salumilorenzi.it...ok
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
ERROR: imapd keytool(-delete -alias jetty) returned non-zero(1):
Errore keytool: java.lang.Exception: L'alias <jetty> non esiste
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/conf/imapd.keystore'
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/fb9ff9d7.0
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/ca.key
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink 'fb9ff9d7.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '157753a5.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink 'd6325660.0' -> 'commercial_ca_2.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt
** Creating CA hash symlink '8d28ae65.0' -> 'commercial_ca_3.crt'
zimbra@mailserver:/tmp$ /userportal/webpages/myaccount/login.js^C
Top
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:
Contact DualBoot

Re: Deploying SSL Certificate Error: imapd keytool(-delete -alias jetty) returned non-zero(1):

Post by DualBoot »

Hello,

you can try by using this cheat : delete the keystore or move it to another place (I prefer this one).
It should recreate the keystore when deploying the certificates.

Regards,
Top
Post Reply

Return to “Installation and Upgrade”