Authentication Bypass in MailboxImportServlet vulnerability (reminder)
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/

Unable to update SSL certificate

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
arif.nardite
Posts: 1
Joined: Fri Oct 22, 2021 7:36 am

Unable to update SSL certificate

Postby arif.nardite » Fri Oct 22, 2021 7:42 am

I'm facing this error when trying to update my certificate that purchased from Sectigo for my domain. This is the wildcard ssl

Your certificate was not installed due to the error : system failure: exception executing command: zmcertmgr verifycrtchain /opt/zimbra/data/tmp/63173479-9340-49dc-b28a-5bf716688e0e/chain_1e609a2b-535f-4f58-9f69-87b96092b70b /opt/zimbra/data/tmp/63173479-9340-49dc-b28a-5bf716688e0e/crt_1e609a2b-535f-4f58-9f69-87b96092b70b with {RemoteManager: notify.softexindonesia.com->zimbra@notify.softexindonesia.com:22}


Details :
Message: Your certificate was not installed due to the error : system failure: exception executing command: zmcertmgr verifycrtchain /opt/zimbra/data/tmp/63173479-9340-49dc-b28a-5bf716688e0e/chain_1e609a2b-535f-4f58-9f69-87b96092b70b /opt/zimbra/data/tmp/63173479-9340-49dc-b28a-5bf716688e0e/crt_1e609a2b-535f-4f58-9f69-87b96092b70b with {RemoteManager: notify.softexindonesia.com->zimbra@notify.softexindonesia.com:22} Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: exception executing command: zmcertmgr verifycrtchain /opt/zimbra/data/tmp/63173479-9340-49dc-b28a-5bf716688e0e/chain_1e609a2b-535f-4f58-9f69-87b96092b70b /opt/zimbra/data/tmp/63173479-9340-49dc-b28a-5bf716688e0e/crt_1e609a2b-535f-4f58-9f69-87b96092b70b with {RemoteManager: notify.softexindonesia.com->zimbra@notify.softexindonesia.com:22}
Detail

I'm performing the update from the GUI.

Tried on the console also having an issue.

I'm attaching the screenshot as well. Appreciate the assistance on this, since my SMTP mail cannot be use on my application that use this zimbra.
Attachments
Zimbra.PNG
Zimbra.PNG (66.72 KiB) Viewed 3147 times


viktor_mitkov
Posts: 1
Joined: Wed Nov 23, 2022 1:04 pm

Re: Unable to update SSL certificate

Postby viktor_mitkov » Wed Nov 23, 2022 1:14 pm

Hello all,

I have the same problem.
Can anyone help with this problem?

Message: Your certificate was not installed due to the error: system failure: exception executing command: zmcertmgr verifycrtchain /opt/zimbra/data/tmp/79cb0620-b1a3-4629-9e7a-f53a810b23d5/chain_c678fb44-5cf9-4393-80dc-d1ad4faf38b9 /opt/zimbra/data/tmp/79cb0620-b1a3-4629-9e7a-f53a810b23d5/crt_c678fb44-5cf9-4393-80dc-d1ad4faf38b9 with {RemoteManager: smtp.dware.bg->zimbra@smtp.dware.bg:22} Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: exception executing command: zmcertmgr verifycrtchain /opt/zimbra/data/tmp/79cb0620-b1a3-4629-9e7a-f53a810b23d5/chain_c678fb44-5cf9-4393-80dc-d1ad4faf38b9 /opt/zimbra/data/tmp/79cb0620-b1a3-4629-9e7a-f53a810b23d5/crt_c678fb44-5cf9-4393-80dc-d1ad4faf38b9 with {RemoteManager: smtp.dware.bg->zimbra@smtp.dware.bg:22}Message: Your certificate was not installed due to the error : system failure: exception executing command: zmcertmgr verifycrtchain /opt/zimbra/data/tmp/79cb0620-b1a3-4629-9e7a-f53a810b23d5/chain_c678fb44-5cf9-4393-80dc-d1ad4faf38b9 /opt/zimbra/data/tmp/79cb0620-b1a3-4629-9e7a-f53a810b23d5/crt_c678fb44-5cf9-4393-80dc-d1ad4faf38b9 with {RemoteManager: smtp.dware.bg->zimbra@smtp.dware.bg:22} Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: exception executing command: zmcertmgr verifycrtchain /opt/zimbra/data/tmp/79cb0620-b1a3-4629-9e7a-f53a810b23d5/chain_c678fb44-5cf9-4393-80dc-d1ad4faf38b9 /opt/zimbra/data/tmp/79cb0620-b1a3-4629-9e7a-f53a810b23d5/crt_c678fb44-5cf9-4393-80dc-d1ad4faf38b9 with {RemoteManager: smtp.dware.bg->zimbra@smtp.dware.bg:22}
Attachments
2022-11-23 15_07_16-.png
2022-11-23 15_07_16-.png (117.54 KiB) Viewed 1334 times
milauria
Advanced member
Advanced member
Posts: 93
Joined: Mon Aug 15, 2016 12:32 pm

Re: Unable to update SSL certificate

Postby milauria » Wed Nov 23, 2022 10:56 pm

Have you created the certificate chain properly ?
https://wiki.zimbra.com/wiki/Certificate_Chain
Victor.Davydenko
Posts: 1
Joined: Thu Nov 24, 2022 12:17 pm

Re: Unable to update SSL certificate

Postby Victor.Davydenko » Thu Nov 24, 2022 12:49 pm

Hi!
Unfortunatelly, I have the same problem too. With small difference: i trying to install DV sertificate of another CA: Certum.
I contacted with CA manager and i know the chain created properly. Does Zimbra checks any server's settings: some ports avaliability, etc?
To undestand of problem i tried command line interface and took theese:

/opt/zimbra/bin/zmcertmgr verifycrtchain /opt/ssl/commercial_ca.crt /opt/ssl/commercial.crt
** Verifying '/opt/ssl/commercial.crt' against '/opt/ssl/commercial_ca.crt'
ERROR: Unable to validate certificate chain: C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
error 2 at 2 depth lookup: unable to get issuer certificate
error /opt/ssl/commercial.crt: verification failed

Best regards!
Victor.
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2516
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 8.8.15 Network Edition
Contact:

Re: Unable to update SSL certificate

Postby L. Mark Stone » Thu Nov 24, 2022 4:07 pm

Many certificate issuers’ Support teams will say “the chain is complete” because all the applications with which they are familiar rely either on the root certificates provided by an operating system or because for a web application the browsers themselves have their own root certificate store to provide that “missing” cert.

But Zimbra is different. It has multiple certificate stores and does not utilize the operating system’s root certificate packages.

As a result, I prefer to install certificates only from the command line. When you run “zmcertmgr verifycrt” and it passes, I have never had the cert deployment fail.
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
Zeta Alliance http://www.zetalliance.org/

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 35 guests