Upgrading to Zimbra Collaboration 8.6.0 from 8.5.0 : Error: Unable to create a successful TLS connection to the ldap masters

Eduardo
Posts: 2
Joined: Fri Dec 02, 2016 8:08 pm

Re: Upgrading to Zimbra Collaboration 8.6.0 from 8.5.0 : Error: Unable to create a successful TLS connection to the ldap

Post by Eduardo »

Hi guys, I get the next problem: I have to enable proxy and memcached issue and I create a new certificate following this:


/opt/zimbra/bin/zmcertmgr createcrt -new -subject "/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=*my.domain.com"

I'm trying with

/opt/zimbra/bin/zmcertmgr createcsr comm -new -subject "/C=GB/ST=London/L=London/O=Zimbra/OU=Zimbra IT/CN=*my.domain.com"

but I get the same message:
Validating ldap configuration
Error: Unable to create a successful TLS connection to the ldap masters.
Fix cert configuration prior to upgrading.
Somebody try to help me please!! :?
aepittman
Posts: 11
Joined: Sat Sep 13, 2014 2:53 am

Re: Upgrading to Zimbra Collaboration 8.6.0 from 8.5.0 : Error: Unable to create a successful TLS connection to the ldap

Post by aepittman »

Hi,
Sorry for posting against a fairly old string, but I am trying to upgrade from 8.5.0 to 8.7.0 and I am getting this error:

Validating ldap configuration
Error: Unable to create a successful TLS connection to the ldap masters.
Fix cert configuration prior to upgrading.

I tried upgrading from 8.5.0 to 8.6.0 and got the same error.
I've been reading through this posting and I guess I'm not understanding my issue.
I can tell you that my internal host name matches the external (Internet) host name, but with different IP addresses (split DNS).

Here is my cert info:

::service mta::
notBefore=Oct 7 20:02:24 2012 GMT
notAfter=Oct 6 20:02:24 2017 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.mail-highlandscofc.org
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.mail-highlandscofc.org
SubjectAltName=
::service proxy::
notBefore=Oct 7 20:02:24 2012 GMT
notAfter=Oct 6 20:02:24 2017 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.mail-highlandscofc.org
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.mail-highlandscofc.org
SubjectAltName=
::service mailboxd::
notBefore=Oct 7 20:02:24 2012 GMT
notAfter=Oct 6 20:02:24 2017 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.mail-highlandscofc.org
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.mail-highlandscofc.org
SubjectAltName=
::service ldap::
notBefore=Oct 7 20:02:24 2012 GMT
notAfter=Oct 6 20:02:24 2017 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.mail-highlandscofc.org
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Server/OU=Zimbra Collaboration Server/CN=mail.mail-highlandscofc.org
SubjectAltName=
[root@mail zcs-8.6.0_GA_1153.RHEL6_64.20141215151155]#

Any help would be appreciated.

aep
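Added example, not part of the thread: a small Python parser for a per-service certificate listing in the format posted above. For each service it reports whether the certificate is outside its validity window or does not cover the host name clients connect to. The sample listing and host names are constructed placeholders, and the comma-separated SubjectAltName format is an assumption.

```python
import re
from datetime import datetime

# Constructed sample in the per-service listing format of the post above (placeholder names).
SAMPLE = """\
::service ldap::
notBefore=Oct 7 20:02:24 2012 GMT
notAfter=Oct 6 20:02:24 2017 GMT
subject= /C=US/O=Example/CN=mail.example.org
issuer= /C=US/O=Example/CN=mail.example.org
SubjectAltName=
::service proxy::
notBefore=Jan 1 00:00:00 2016 GMT
notAfter=Jan 1 00:00:00 2019 GMT
subject= /C=US/O=Example/CN=example.org
issuer= /C=US/O=Example CA/CN=Example CA
SubjectAltName= *.example.org, example.org
"""

def parse_listing(text):
    """Return {service: {field: value}} from the '::service x::' listing."""
    services, current = {}, None
    for line in text.splitlines():
        header = re.fullmatch(r"::service (\S+)::", line.strip())
        if header:
            current = services.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return services

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.partition(".")[2] == pattern[2:]
    return pattern == host

def findings(fields, host, now):
    """Validity-window and host-name problems for a client connecting to `host` at `now` (UTC)."""
    when = lambda k: datetime.strptime(fields[k].replace(" GMT", ""), "%b %d %H:%M:%S %Y")
    out = []
    if not when("notBefore") <= now <= when("notAfter"):
        out.append("outside-validity-window")
    # Assumption: SAN entries are comma-separated; with no SAN, fall back to the subject CN.
    names = [n.strip() for n in fields.get("SubjectAltName", "").split(",") if n.strip()]
    names = names or re.findall(r"/CN=([^/]+)", fields.get("subject", ""))
    if not any(name_matches(n, host) for n in names):
        out.append("name-mismatch")
    return out
```

Pass the real listing, the host name used in the LDAP URL and the current UTC time. The check covers dates and names only, so an empty result for the ldap service leaves the trust chain still to be examined.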
bunny
Posts: 27
Joined: Sat Sep 13, 2014 1:48 am

Re: Upgrading to Zimbra Collaboration 8.6.0 from 8.5.0 : Error: Unable to create a successful TLS connection to the ldap

Post by bunny »

Hello,

I too have faced the same problem for 3 days. The error was occurring when Zimbra was restarted after deploying the SSL certificate. Finally, I was able to resolve the issue by disabling TLS connections before deploying the SSL certificate.

Procedure is as follows:
Run these commands before deploying the SSL certs


su - zimbra 
zmlocalconfig -e ssl_allow_untrusted_certs=true 
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_common_require_tls=0
zmcontrol restart

Now deploy the certificates and restart the Zimbra server and it should start. Then TLS can be enabled again by flipping the values for the above.

In my server, I did not enable TLS as I did not face any problem.

Try this.....