Zimbra 7->8.5 upgrade ssl failure
Zimbra 7->8.5 upgrade ssl failure
I'm trying to upgrade a test 7.2.7 cluster to 8.5. I ran /opt/zimbra/bin/zmcertmgr deploycrt self as described in the upgrade instructions, however, I still get an ssl failure that aborts the install process:
This appears to be 7.2.7_GA
Unable to start TLS: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed when connecting to ldap master.
UPGRADE FAILED - exiting.
Any insights? Thanks!
This appears to be 7.2.7_GA
Unable to start TLS: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed when connecting to ldap master.
UPGRADE FAILED - exiting.
Any insights? Thanks!
- vavai
- Advanced member
- Posts: 174
- Joined: Thu Nov 14, 2013 2:41 pm
- Location: Indonesia
- ZCS/ZD Version: 0
- Contact:
Zimbra 7->8.5 upgrade ssl failure
Hi Abatie,
Did you check the certificate before trying to upgrade system?
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
Also, why don't use cheap SSL commercial certificate just like PositiveSSL or RapidSSL, single domain with about $10 for 1 year
ss
Did you check the certificate before trying to upgrade system?
/opt/zimbra/bin/zmcertmgr viewdeployedcrt
Also, why don't use cheap SSL commercial certificate just like PositiveSSL or RapidSSL, single domain with about $10 for 1 year
ss
Zimbra 7->8.5 upgrade ssl failure
What would I check? In fact rsyncing /opt/zimbra/conf/ca directory from the master ldap server solves the problem, rather than what the upgrade instructions say to do. And I don't bother getting a real certificate because it's unnecessary extra work since the cert is not used externally.
Zimbra 7->8.5 upgrade ssl failure
Hi abatie,
what step you follow to solve the problem?
I tried to copy the /opt/zimbra/conf/ca on the mta server but the upgrade fail with the error
Unable to start TLS: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed when connecting to ldap master.
Thanks for the help
--
Laragio
what step you follow to solve the problem?
I tried to copy the /opt/zimbra/conf/ca on the mta server but the upgrade fail with the error
Unable to start TLS: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed when connecting to ldap master.
Thanks for the help
--
Laragio
Zimbra 7->8.5 upgrade ssl failure
I don't remember exactly where I ran into more problems, but in fact I ended up caving and installing a real certificate across the cluster.
Zimbra 7->8.5 upgrade ssl failure
Hi,
now i have a commercial certificate on the cluster but the error in the upgrade is the same
Unable to start TLS: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed when connecting to ldap master.
Any help?
now i have a commercial certificate on the cluster but the error in the upgrade is the same
Unable to start TLS: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed when connecting to ldap master.
Any help?
Zimbra 7->8.5 upgrade ssl failure
I have similar problem. I was upgrading from 8.0.7 to 8.5.0 on Multi-Server Environment. First LDAP master and then LDAP replica updated well. Because my installation is not older than one year I decided to not regenerate certs as described in Upgrade Instructions on page 9. Next I was trying to upgrade first MTA server and got this:
Unable to start TLS: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed when connecting to ldap master.
UPGRADE FAILED - exiting.
Then I tried to regenerate certs on LDAP master with:
sudo /opt/zimbra/bin/zmcertmgr createca -new
sudo /opt/zimbra/bin/zmcertmgr deployca
sudo /opt/zimbra/bin/zmcertmgr deploycrt self -new
Last one was not working with -new attribute. After that I run :
sudo /opt/zimbra/bin/zmcertmgr deploycrt self
on all Zimbra Servers and restarted Zimbra upgrade on MTA but with no luck. Still the same problem.
Any help? Thanks!
Unable to start TLS: SSL connect attempt failed with unknown error error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed when connecting to ldap master.
UPGRADE FAILED - exiting.
Then I tried to regenerate certs on LDAP master with:
sudo /opt/zimbra/bin/zmcertmgr createca -new
sudo /opt/zimbra/bin/zmcertmgr deployca
sudo /opt/zimbra/bin/zmcertmgr deploycrt self -new
Last one was not working with -new attribute. After that I run :
sudo /opt/zimbra/bin/zmcertmgr deploycrt self
on all Zimbra Servers and restarted Zimbra upgrade on MTA but with no luck. Still the same problem.
Any help? Thanks!
Zimbra 7->8.5 upgrade ssl failure
Hi,
i solved it by changing the ldap master url from IP to the hostname of the ldap server.
What master url do you have configured?
--
Laragio
i solved it by changing the ldap master url from IP to the hostname of the ldap server.
What master url do you have configured?
--
Laragio
Zimbra 7->8.5 upgrade ssl failure
Thanks for reply Laragio,
$ zmlocalconfig -s ldap_master_url
ldap_master_url = ldap://alfa-ldap01.my.domain:389 ldap://alfa-ldap02.my.domain:389
$ zmlocalconfig -s ldap_master_url
ldap_master_url = ldap://alfa-ldap01.my.domain:389 ldap://alfa-ldap02.my.domain:389
Zimbra 7->8.5 upgrade ssl failure
Hi,
and the ldap_host?
You have a multi master ldap environment?
--
Laragio
and the ldap_host?
You have a multi master ldap environment?
--
Laragio