Zimbra's zmcontrol service fails to start and reports an LDAP problem.

Symptoms:

#su - zimbra

$zmcontrol status

Messages shown:

  1. Unable to determine enabled services from ldap.

  2. Enabled services read from cache. Service list may be inaccurate.

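There are four main causes of this condition, and the most likely one is that the certificate has expired or become invalid. The fix for that cause is simple: re-issue the ZCS certificate. The certificate issuing process and what to expect are described below. When I have time I will post a summary of the other causes that prevent ZCS from starting some services because of LDAP problems. Thanks for your support.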



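There are two cases:
Case 1: ZCS is running normally, but you want to extend the certificate's validity period.
Run the following commands as root to issue a certificate that is valid for 20 years.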

  1. #/opt/zimbra/bin/zmcertmgr createca -new

  2. #/opt/zimbra/bin/zmcertmgr deployca

  3. #/opt/zimbra/bin/zmcertmgr createcrt -new -days 7300

  4. #/opt/zimbra/bin/zmcertmgr deploycrt self

  5. #/opt/zimbra/bin/zmcertmgr viewdeployedcrt

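When the commands have finished, restart the postfix service for the change to take effect; the command is: #postfix reload.
Case 2: If the ZCS services can no longer all start, stop the ZCS services first, run the commands above, and then start the ZCS services again.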


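In testing, issuing 20-year certificates succeeded every time; issuing a 50-year certificate may fail.
The issuing process is shown below (some steps in this run report "failed"; it is for reference only, and the output of a fully successful run is different):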

[root@mail ~]#  /opt/zimbra/bin/zmcertmgr createca -new

** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done

** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.

** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.

[root@mail ~]# /opt/zimbra/bin/zmcertmgr deployca

** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.

** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.

** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.

** Copying CA to /opt/zimbra/conf/ca...done.

[root@mail ~]# /opt/zimbra/bin/zmcertmgr createcrt -new -days 7300

Validation days: 7300

** Creating /opt/zimbra/conf/zmssl.cnf...done

** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130813223625

** Generating a server csr for download self -new -keysize 1024

** Creating /opt/zimbra/conf/zmssl.cnf...done

** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130813223625

** Retrieving Commercial CA cert from ldap...failed.

** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

** Saving server config key zimbraSSLPrivateKey...failed.

** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

[root@mail ~]# /opt/zimbra/bin/zmcertmgr deploycrt self

** Saving server config key zimbraSSLCertificate...failed.

** Saving server config key zimbraSSLPrivateKey...failed.

** Installing mta certificate and key...done.

** Installing slapd certificate and key...done.

** Installing proxy certificate and key...done.

** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.

** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.

** Installing CA to /opt/zimbra/conf/ca...done.

[root@mail ~]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt

::service mta::

notBefore=Aug 13 14:36:34 2013 GMT

notAfter=Aug  8 14:36:34 2033 GMT

subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

SubjectAltName=

::service proxy::

notBefore=Aug 13 14:36:34 2013 GMT

notAfter=Aug  8 14:36:34 2033 GMT

subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

SubjectAltName=

::service mailboxd::

notBefore=Aug 13 14:36:34 2013 GMT

notAfter=Aug  8 14:36:34 2033 GMT

subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

SubjectAltName=

::service ldap::

notBefore=Aug 13 14:36:34 2013 GMT

notAfter=Aug  8 14:36:34 2033 GMT

subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

SubjectAltName=

[root@mail ~]# ::service ldap::

-bash: ::service: command not found

[root@mail ~]# su - zimbra

[zimbra@mail ~]$ zmcontrol start

Host mail.test.gd.cn

       Starting ldap...Done.

       Starting zmconfigd...Done.

       Starting logger...Done.

       Starting mailbox...Done.

       Starting antispam...Done.

       Starting antivirus...Done.

       Starting snmp...Done.

       Starting spell...Done.

       Starting mta...Done.

       Starting stats...Done.

You have new mail in /var/spool/mail/zimbra
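
The `notAfter` fields printed by `zmcertmgr viewdeployedcrt` above can be checked on a schedule so that an expiring certificate is noticed before LDAP stops starting. The following is an added example, not part of the original post; it assumes GNU `date`, and the function names `check_cert_expiry` and `sample_output` and the 30-day threshold are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU date for `date -d`.
# check_cert_expiry NOW_EPOCH WARN_DAYS < output of `zmcertmgr viewdeployedcrt`
# Prints "<service> <OK|WARN|EXPIRED|UNPARSABLE> <days_left>" per service.
# Exit status: 0 all OK, 1 at least one WARN, 2 any EXPIRED or UNPARSABLE.
check_cert_expiry() {
    now=$1; warn_days=$2; rc=0; svc=
    while IFS= read -r line; do
        case $line in
            ::service\ *::)                 # section header, e.g. "::service ldap::"
                svc="${line#::service }"; svc="${svc%::}" ;;
            notAfter=*)
                [ -n "$svc" ] || continue   # ignore dates outside a service section
                if ! end=$(date -u -d "${line#notAfter=}" +%s 2>/dev/null); then
                    echo "$svc UNPARSABLE -"; rc=2; continue
                fi
                days=$(( (end - now) / 86400 ))
                if [ "$end" -le "$now" ]; then
                    echo "$svc EXPIRED $days"; rc=2
                elif [ "$days" -lt "$warn_days" ]; then
                    echo "$svc WARN $days"; [ "$rc" -ge 1 ] || rc=1
                else
                    echo "$svc OK $days"
                fi ;;
        esac
    done
    return "$rc"
}

# Constructed sample input, in the format shown in the session above.
sample_output() {
    cat <<'EOF'
::service mta::
notBefore=Aug 13 14:36:34 2013 GMT
notAfter=Aug  8 14:36:34 2033 GMT
::service ldap::
notBefore=Aug 13 14:36:34 2013 GMT
notAfter=Aug  8 14:36:34 2033 GMT
EOF
}

# Demo against the sample; on a server, pipe the real command output instead:
#   /opt/zimbra/bin/zmcertmgr viewdeployedcrt | check_cert_expiry "$(date +%s)" 30
sample_output | check_cert_expiry "$(date -u +%s)" 30 || true
```

The exit status makes the function usable from cron or a monitoring agent: a non-zero status means at least one deployed certificate needs attention.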

