scantec wrote: ↑Tue Mar 26, 2024 6:44 pm
Hello,
Using your build to upgrade from 10.0.6 I always get "Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=2)" error (seen this before with other builds).
I suspect this has to do with different ldap schema as said on
viewtopic.php?p=313162#p313162
Thanks
It was attempting to do this from tracking that message to zmcertmgr at saveConfKey (Note: I have converted it to corresponding command line syntax from perl):
Code: Select all
% zmprov -m -l modifyconfig zimbraCertAuthorityCertSelfSigned `cat /opt/zimbra/conf/ca/ca.key`
You can verify via this:
Code: Select all
% zmprov -m -l getconfig zimbraCertAuthorityCertSelfSigned
The -l means local ldap and the -m means master I believe ... In your install logs generated by the upgrade process, was there any mention of ldap issues or file permission with /opt/zimbra/conf/ca, etc, etc. Was it running? Do you have anything happening with ldap_is_master attribute?
Here is what I believe it wanted to do and from my upgrade of 10.0.5 FOSS to 10.0.7 FOSS
Code: Select all
Mon Mar 18 17:48:12 2024 Saving CA in ldap...
Mon Mar 18 17:48:12 2024 *** Running as zimbra user: /opt/zimbra/bin/zmcertmgr deployca
** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...ok
** Saving config key 'zimbraCertAuthorityKeySelfSigned' via zmprov modifyConfig...ok
** Importing cert '/opt/zimbra/ssl/zimbra/ca/ca.pem' as 'my_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Cleaning up 9 files from '/opt/zimbra/conf/ca'
...
Following the code is a little bit of a chore... zmsetup.pl -> zmupgrade.pm -> zmcertmgr if I understood what I was reading. No guarantee with perl
... but I believe it was the zmcertmgr deployca that caused your failure.
I build the same way so I should be looking at the correct code base for 10.0.7 FOSS. Maybe Adrian or others have some ideas.
Jim