Error Failed To Create Jetty.pkcs12
Failed to create jetty.pkcs12 - This is archive documentation, which means it is not supported or valid for recent versions of Zimbra Collaboration. If you are seeing the following error when you try to install the commercial certificate via Administration Console>Certificates, Your certificate was not installed due to the error: system failure: XXXXX ERROR: failed to create jetty.pkcs12 Message: Your certificate was not installed due to the error: system failure: XXXXX ERROR: failed to create jetty.pkcs12 Error code: ZaCertWizard.prototype.installCallback Method: AjxException.UNKNOWN_ERROR Details:system failure: XXXXX ERROR: failed to create jetty.pkcs12 On Zimbra 7.x, a common cause of this error is that the uploaded certificates do not contain a trailing newline. To fix, simply edit the file with a text editor and ensure that there is a blank line after the "-----END CERTIFICATE-----" line. On Linux, vi/vim does this by default. (You can force this by editing the file in VI, going to the end of the last dash, hit RETURN and then BACKSPACE. That will place the trailing newline.) Check the following: 1. Make sure the permissions of the /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/ directory is set to 644 zimbra:zimbra. 2. Clear all the current aliases in the mailboxd keystore except for the jetty alias. keytool -delete -alias tomcat -keystore /opt/zimbra/mailboxd/etc/keystore -storepass `zmlocalconfig -s -m nokey mailboxd_keystore_password` 3. If you are running ZCS version 5.0.5, comment out line #539 of the /opt/zimbra/bin/zmcertmgr utility before deploying the cert. This is bug 27581 [[1]]. 4. Until 5.0.9, check that commercial.crt last char is a cr, bug 31034 [[2]]. Verified Against: ZCS 5.0.x Date Created: 9/17/2008 Article ID: https://wiki.zimbra.com/index.php?title=Failed_to_create_jetty.pkcs12 Date Modified: 03/30/2015 Try Zimbra Try Zimbra Collaboration with a 60-day free trial. Get it now» Want to get involved? You can contribute in the Community, Wiki, Code, or development of Zimlets. Find out more.» Other help Resources User Help Page» Official Forums» Zimbra
Collaboration Server Administrators Search It is currently Tue Oct 11, 2016 11:26 am All times are UTC Are you using Zimbra Open Source and you need Backup, Mobile sync and more? We have a solution for you - https://www.zimbra.com/zimbra-suite-plus/Zimbra Collaboration 8.7 is here!. Read the announcementZimbra Collaboration 8.6 Patch 7 is here. See https://forums.zimbra.org/viewtopic.php?f=8&t=59816Thinking of upgrading your OS to Ubuntu 16.04 LTS? It is currently not supported. See https://bugzilla.zimbra.com/show_bug.cgi?id=103683Are you a Zimbra Developer? You https://wiki.zimbra.com/wiki/Failed_to_create_jetty.pkcs12 can find some interesting Community Projects on GitHub: https://github.com/Zimbra-Community/ and in our Official GitHub as well: https://github.com/Zimbra [SOLVED] Zmcertmgr commerical cert install error: Failed to create jetty.pkcs12 Discuss your pilot or production implementation with other Zimbra admins or our engineers. Post Reply Print view Search Advanced search 2 posts • Page 1 of 1 iait https://forums.zimbra.org/viewtopic.php?t=18582 Posts: 10 Joined: Fri Sep 12, 2014 11:33 pm [SOLVED] Zmcertmgr commerical cert install error: Failed to create jetty.pkcs12 Quote Postby iait » Mon Jun 21, 2010 5:17 pm Zimbra Version 6.0.6Whether trying to install the commercial cert via the web interface, or via the command line, both result in the errors./opt/zimbra/bin/zmcertmgr deploycrt comm ./SiteCert.crt ./GlobalSign_Org_Bundle_root.crt** Verifying ./SiteCert.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.keyCertificate (./SiteCert.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.Valid Certificate: ./SiteCert.crt: OK** Copying ./SiteCert.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt** Appending ca chain ./GlobalSign_Org_Bundle_root.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt** Saving server config key zimbraSSLCertificate...done.** Saving server config key zimbraSSLPrivateKey...done.** Installing mta certificate and key...done.** Installing slapd certificate and key...done.** Installing proxy certificate and key...done.** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...failed.XXXXX ERROR: failed to create jetty.pkcs12No certificate matches private keyI've tried http://www.zimbra.com/forums/administrators/40323-solved-can-t-install-my-commercial-certificate.html#post184586And also tried: [url=Failed to create jetty.pkcs12 - Zimbra :: Wiki[/url] zmcertmgr verifycrt is good. Any suggestions? Thanks! Share on Facebook Share on Twitter Share on Digg Share on Reddit Share on Google+ Top iait Posts: 10 Joined: Fri Sep 12, 2014 11:33 pm [SOLVED]
"mail.rgiapratama.net" ** Generating a server http://www.rgiapratama.net/2012/05/07/thawte-ssl123-certificate-in-zimbra-7-1-4-ose/ csr for download comm -new -keysize 2048 https://mbahjasjus.wordpress.com/2011/02/01/renew-certificate-or-create-new-certificate-from-zimbra-cli/ -subject /C=ID/ST=Jabar/L=Bandung/O=rgiapratama/OU=GIA/CN=mail.rgiapratama.net -subjectAltNames mail.rgiapratama.net ** Creating /opt/zimbra/conf/zmssl.cnf...done ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20120502214856 ** Creating server cert request /opt/zimbra/ssl/zimbra/commercial/commercial.csr...done. ** Saving server config key zimbraSSLPrivateKey...done. Submit commercial.csr to error failed Thawte, after approval process and you get commercial.crt, download Premium Server CA, Primary Intermediate CA and Secondary Intermediate CA. Make sure you add blank line after the "---END CERTIFICATE---" line, or you will get error failed to Failed to create jetty.pkcs12 error when deploy Commercial CRT (http://wiki.zimbra.com/wiki/Failed_to_create_jetty.pkcs12) And after that combine Premium Server CA, Primary Intermediate CA and Secondary Intermediate CA. [gia@mail ~]$ wget https://www.thawte.com/roots/thawte_Premium_Server_CA.pem [gia@mail ~]$ wget https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL_PrimaryCA.pem [gia@mail ~]$ wget https://search.thawte.com/library/VERISIGN/ALL_OTHER/thawte%20ca/SSL_SecondaryCA.pem [gia@mail ~]$ cat thawte_Premium_Server_CA.pem SSL_PrimaryCA.pem SSL_SecondaryCA.pem > ca_chain.crt Verify Commercial Certificate (commercial.crt) root@mail gia]# /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /home/gia/commercial.crt ** Verifying /home/gia/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key Certificate (/home/gia/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match. Valid Certificate: /home/gia/commercial.crt: OK Deploy Commercial Certificate [root@mail gia]# /opt/zimbra/bin/zmcertmgr deploycrt comm /home/gia/commercial.crt /home/gia/ca_chain.crt ** Verifying /home/gia/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key Certificate (/home/gia/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match. Valid Certificate: /home/gia/commercial.crt: OK ** Copying /home/gia/commercial.crt to /opt
one of our client get expired and current status is in grace period. Accident happen when server was forced to shutdown due to electrical problem. When the server goes up nothing email server still down. I try to start the service manually. $ zmcontrol start Host mail.yourdomain.com Unable to determine enabled services from ldap. Unable to determine enabled services. Cache is out of date or doesn’t exist. Further investigation tell me about certificate expiration, I must renew it. Here the steps : # su – zimbra $ /opt/zimbra/bin/zmcertmgr createca -new /opt/zimbra/bin/zmcertmgr must be run as user root $ exit logout Hohoho, the command must run by root. Begin by generating a new Certificate Authority (CA). # /opt/zimbra/bin/zmcertmgr createca -new ** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf…done ** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key…done. ** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem…done. Then generate a certificate signed by the CA that expires in 365 days. # /opt/zimbra/bin/zmcertmgr createcrt -new -days 365 Validation days: 365 ** Creating /opt/zimbra/conf/zmssl.cnf…done ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101009200401 ** Generating a server csr for download self -new -keysize 1024 ** Creating /opt/zimbra/conf/zmssl.cnf…done ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101009200401 ** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr…done. ** Saving server config key zimbraSSLPrivateKey…failed. ** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr…done. Next deploy the certificate. # /opt/zimbra/bin/zmcertmgr deploycrt self ** Saving server config key zimbraSSLCertificate…done. ** Saving server config key zimbraSSLPrivateKey…done. ** Installing mta certificate and key…done. ** Installing slapd certificate and key…done. ** Installing proxy certificate and key…done. ** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done. ** Creating keystore file /opt/zimbra/mailboxd/etc/keystore…done. ** Installing CA to /opt/zimbra/co