Hi Guys, today, I get an error on my zimbra server. Zimbra Unable to start TLS. My zimbra version 8.8.12. Zimbra service does not start with the “zmcontrol start” command. I get this TLS error message after changing an inappropriate date.
detail error message is :
Host mail.mydomain.web.id
Starting ldap...Done.
Unable to start TLS: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master.
The result of googling I found was the zimbra forum.
https://forums.zimbra.org/viewtopic.php?t=65875
I get 2 conclusions :
- Disable SSLv3 (wiki link).
- Change ldap_starttls parameter setting.
I didn’t choose option 1, because in the future if I select option 1 with disable SSLv3, I don’t know my user who has accessed my zimbra server with a variety of devices. I’m afraid if SSLv3 is disabled it will affect SSL compatibility in the mail client.
finally I decided for the second option, which is to edit the ldap_starttls parameter.
I run the command below:
root@mail ~# su - zimbra
Last login: Tue Jul 16 14:23:39 WIB 2019 on pts / 0
zimbra@mail ~ $ zmlocalconfig -e ldap_starttls_required = false
zimbra@mail ~ $ zmlocalconfig -e ldap_starttls_supported = 0
After running the zommand. run zmcontrol start again.