DeutschEnglish

Submenu

 - - - By CrazyStat - - -

9. September 2012

Zimbra: Creating a new self-signed SSL certificate

Filed under: Linux,Server Administration — Tags: , , , , , , , , , — Christopher Kramer @ 10:04

I recently had to recreate the SSL certificate of a Zimbra server and surprisingly it was not as easy as the documentation looked like, so I’d like to document how it is done and make comments on some difficulties that might come up.

So this is how it is done (on a Ubuntu Server running Zimbra Network edition 6.0.16 GA):

  1. SSH into the server, login as root
  2. Switch to the zimbra-user using
    su - zimbra
  3. Then run the following commands:
     sudo /opt/zimbra/bin/zmcertmgr createca -new
     sudo /opt/zimbra/bin/zmcertmgr deployca
     sudo /opt/zimbra/bin/zmcertmgr deploycrt self
  4. Restart Zimbra. To do so, as user zimbra, issue these commands (no sudo here):
    /opt/zimbra/bin/zmcontrol stop
    /opt/zimbra/bin/zmcontrol start

So the difficulties I had and some remarks:

  • sudo kept asking me for a password when I typed in
    sudo zmcertmgr createca -new

    Seems I am not the only one with this problem. The zmcertmgr command is white-listed in /etc/sudoers so you should normally not be asked for a password. Run the following command to edit /etc/sudoers (do not edit it in any other way!)

    visudo

    So make sure in this file the following line is included:

    %zimbra ALL=NOPASSWD:/opt/zimbra/bin/zmcertmgr

    The % at the beginning seems to belong there. Note that the zimbra wiki has typo (zmvertmgr) in this line.
    But although I had this line in there, sudo kept asking me for the password. So what finally worked was invoking zmcertmgr with the complete path (as done above).
    Update: It seems I had a typo in here myself. Make sure it is “zmcertmgr”  and not “zmzertmgr” 😉
    Thanks to the comment by erolha!

  • In the Zimbra Release notes, the last command for updating the certificate is
    sudo zmcertmgr deploycrt self -new

    I got this error:

    Can't deploy cert for -new.  Unknown service.

    Without -new (and the complete path), it went through well.

  • No zimbra documentation I found mentions that a restart of zimbra is required, but without a restart, the old certificate was still used when opening the webmailer or the admin interface via https.

 

I hope I could help some of you that run into one of these problems.

Recommendation

Try my Open Source PHP visitor analytics script CrazyStat.

14. May 2012

Mount clonezilla image to restore single file (browse)

Filed under: Linux,Windows — Tags: , , , , , , , , , , — Christopher Kramer @ 12:28

Clonezilla is a fine tool to backup/restore/clone partitions or drives. It is very powerful, can handle both Linux and Windows partitions and so on. If you do not know it, you should really give it a try. It is really free software (open source), which means it is also free to use for commercial purposes.

By the way, if you want to backup/restore images of Windows partitions/drives, I’d also recommend DriveImage XML which is also very powerful yet simple (only free for private use). Windows 7 has also built-in backup and imaging tools, which you can give a try. But this post is about Clonezilla.

One important feature that Clonezilla does not offer out of the box is browsing images to restore single files. You can only restore complete partitions or drives.

But there is a way around this, which is discussed in this forum thread, although not perfect as it requires lots of time and disk space as well.

The basic approach is to convert the whole image into a (probably huge) img-file that can be easily mounted. In the forum post linked above several different commands are discussed depending on your image file.
Here I’d like to show you what worked for me.

In my case, the file was compressed using gzip and it was an image of a linux partition (ext3). I used Ubuntu Linux to mount the image. The steps I took:

  1. Install partclone (sudo apt-get install partclone)
  2. Prepare an img-file somewhere where enough free disk space is available:
    touch /dir-to-new-image/partition.img

    You should have at least as much free disk space as the size of the image there.

  3. Convert the clonezilla-image into the img-file:
    sudo cat /dir-to-images/partition.ext3.ptcl-img.gz.*
    | sudo gzip -d -c
    | sudo partclone.restore -C -s - -O /dir-to-new-image/partition.img

    (This is one line. Note the minus after -s. I overlooked it when I tried this first.)
    This will take some time, dependent on how big the image and how fast your drive(s).
    There are other commands in the forum thread for NTFS images and other compression formats.

  4. Mount the img-file:
    sudo mount -o loop -t ext3 /dir-to-new-image/partition.img /mnt

Thanks a lot to all posters of the forum mentioned above for these hints, especially bfitzhugh, nutria007, ttguy and gaebriel!

P.S.: It’s always good to have a (recent) backup 😉 One drive of mine just crashed after about two years in operation, so I know what I am talking about…

Think about what pain it would be if the drive of your laptop / desktop would crash just right now. If you get a bad feeling thinking about this, you should make a backup now.

14. February 2012

Horde language selection does not work

Filed under: Linux,Server Administration — Tags: , , , , , , , , — Christopher Kramer @ 13:22

When selecting a language at login, Horde webmailer does not change the language?

Here is what I found out what helps:

On Debian, run the following command:

dpkg-reconfigure locales

Then select the correct languages. I had only selected the UTF8 languages for German, but Horde needs the following ones:

de_DE ISO-8859-1
de_DE@euro ISO-8859-15

If you have the problem with another language, select the corresponding language.

On Ubuntu, the chosen languages are stored here:

/var/lib/locales/supported.d/

I had a file named “de” in there where my chosen languages where listed and I added the ISO-versions above. You can find all supported languages here:

less /usr/share/i18n/SUPPORTED

On Ubuntu, after you included your languages, you have to run the following command:

dpkg-reconfigure locales

Afterwards, you need to restart apache:

apache2ctl -k graceful

That’s the smoothest way. In case it does not work, use one of those:

apache2ctl restart
service apache2 restart
/etc/init.d/apache2 restart

Now refresh Horde and everything should work.

Another problem is the following: if you chose a language in your Horde settings (login, Global Options, Locale and time, Select your preferred language), this overwrites the language you chose on login. So select “default” there to be able to chose language on login.

Hope this helps somebody.

« Newer Posts