Durante l’aggiornamento del certificato di zimbra può uscire il seguente problema
** Creating file ‘/opt/zimbra/ssl/zimbra/jetty.pkcs12'
ERROR: openssl pkcs12 export to '/opt/zimbra/ssl/zimbra/jetty.pkcs12' failed(1):
Error creating PKCS12 MAC; no PKCS12KDF support?
Use -nomac if MAC not required and PKCS12KDF support not available. 80A2D013DE7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (PKCS12KDF : 188), Properties (<null>)
80A2D013DE7F0000:error:1180006B:PKCS12 routines:pkcs12_gen_mac:key gen error:crypto/pkcs12/p12_mutl.c:147:
80A2D013DE7F0000:error:1180006D:PKCS12 routines:PKCS12_set_mac:mac generation error:crypto/pkcs12/p12_mutl.c:220:
Per risolvere questo problema editare il file /opt/zimbra/bin/zmcertmgr alla riga 1817 e 1878 e aggiungere “-nomac”
nano /opt/zimbra/bin/zmcertmgr
@out = $self->run( $self->Openssl, "pkcs12", "-inkey", $keyf,
"-in", $crtf, "-name", $server,
"-export", "-out", $pkcsf, "-passout",
"pass:$kpass", "-nomac", "2>&1"
);
Buon Lavoro
MAL