Renew Certificate or Create New Certificate from Zimbra CLI

my emailLicense for one of our client get expired and current status is in grace period.

Accident happen when server was forced to shutdown due to electrical problem. When the server goes up nothing email server still down. I try to start the service manually.

$ zmcontrol start
Host mail.yourdomain.com
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn’t exist.

Further investigation tell me about certificate expiration, I must renew it.

Here the steps :

# su – zimbra
$ /opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr must be run as user root
$ exit
logout

Hohoho, the command must run by root.

Begin by generating a new Certificate Authority (CA).

# /opt/zimbra/bin/zmcertmgr createca -new

** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf…done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key…done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem…done.

Then generate a certificate signed by the CA that expires in 365 days.

# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365

Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101009200401
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101009200401
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.
** Saving server config key zimbraSSLPrivateKey…failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.

Next deploy the certificate.

# /opt/zimbra/bin/zmcertmgr deploycrt self

** Saving server config key zimbraSSLCertificate…done.
** Saving server config key zimbraSSLPrivateKey…done.
** Installing mta certificate and key…done.
** Installing slapd certificate and key…done.
** Installing proxy certificate and key…done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore…done.
** Installing CA to /opt/zimbra/conf/ca…done.

Next deploy the CA

# /opt/zimbra/bin/zmcertmgr deployca

** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS…done.
** Saving global config key zimbraCertAuthorityCertSelfSigned…done.
** Saving global config key zimbraCertAuthorityKeySelfSigned…done.
** Copying CA to /opt/zimbra/conf/ca…done.

To finish, verify the certificate was deployed to all the services.

# /opt/zimbra/bin/zmcertmgr viewdeployedcrt

::service mta::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration

Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration

Suite/CN=mail.yourdomain.com
SubjectAltName=
::service proxy::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration

Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration

Suite/CN=mail.yourdomain.com
SubjectAltName=
::service mailboxd::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration

Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration

Suite/CN=mail.yourdomain.com
SubjectAltName=
::service ldap::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration

Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration

Suite/CN=mail.yourdomain.com
SubjectAltName=
#

done.

Try start the service :

~$ zmcontrol start
Host mail.yourdomain.com
Starting ldap…Done.
Starting logger…Done.
Starting convertd…Done.
Starting mailbox…Done.
Starting antispam…Done.
Starting antivirus…Done.
Starting snmp…Done.
Starting spell…Done.
Starting mta…Done.
Starting stats…Done.
$

How to make money online with adfly : tips and tricks

Never thought never cross my mind if sharing link will give money, at least potential resource for make money online through link until I put into small action and here’s current result :

What is URL shortener?

URL shortener is web service that provide long URL address into short address.

Not big as others who actively promote their link with adfly,  what I do is maximize my blog potential traffic.

Continue reading

Cisco Certified Network Associate (CCNA) 640 802

What CCNA stands for

CCNA stands for the Cisco Certified Network Associate. An certification from Cisco that get well known worldwide and become one of requirement for applying job in networking related field.

CCNA Salary

The salary from the picture taken from one of job board in UK. Like other job, salary depend on region/area, job requirements etc. The keys are : skill and experience. Your CCNA level means you can do the following task :

  • Install ability
  • Configure ability
  • Operate ability
  • Troubleshoot

medium-size and switched networks.

Plus implementation and verification of connection to remote sites inside a WAN.

How to Achieve CCNA Certification

To get CCNA certification you must earn passing score on Cisco exam (choose only one) :

  1. Cisco exam #640-802 : often called ccna 640 802.
  2. Cisco exam #640-822 AND #640-816 : often called ICND1640-822 and ICND2 640-816.

If you pass the test you’ll get a number that often use by certified CCNA under their name like :

CNNA xxxxx

( xxxxx is number issued by Cisco that valid for 3 years and you need to recertificate after that period ).

The passing score and exam questions are subject to change without notice.

Study CCNA Material / CCNA Study Guide

You can go to test center in your town that usually provide CCNA material plus the exam or you can prepare by yourself  by reading books, watch video tutorial and doing exam simulation. When you’re ready you can go to test center for certification.

>>> Books Recommendation

CCNA Official Exam Certification Library (Exam 640-802), Third Edition (Containing ICND1 and ICND2 Second Edition Exam Certification Guides) by Wendell Odom (save 37%)

CCNA Cisco Certified Network Associate Study Guide (Exam 640-802) (Certification Press) by by Richard Deal (save 37% )

CCNA: Cisco Certified Network Associate Study Guide: Exam 640-802 by Todd Lammle (save 37% )

The content of those book is great. One aspect I don’t understand clearly in one book get clear explanation in other book. Your experience my vary.

The other book that make me focus on daily learn ‘must accomplish skill‘  is :

31 Days Before Your CCNA Exam: A day-by-day review guide for the CCNA 640-802 exam (2nd Edition) by Allan Johnson (save 34% for this book)

This book has checklist as what I must prepare before taking the test.

>>> Software Test (Testing engine)

– If you do not pass the CCNA 640-802 exam (Cisco Certified Network Associate) on your first attempt using our pass4sure testing engine, they will give you a FULL REFUND of your purchasing fee.

>>> CCNA Video Training

Cisco CCNA Training

Where I can take online Test and When

For online test go to

http://www.vue.com/cisco

The best time depend on your motivation. Sign up today and count down yourself the date.

CCNA Certification Cost

$250 for 640 802 (composite test) or $125 for each ICND1 or ICND2.

How Long and How many Question

The test itself will just 90 minutes for questions between 50 – 60.

What you need for the Exam

Write Exam information :

  • location name
  • date test
  • time test (make sure to attend early)
  • phone number of exam place
  • supervisor name

How long I must wait for certification result

No need to wait, as soon as you complete the exam you’ll see immediate result whether you pass or failed. Supervisor will give you score report. Pay attention to the report as a breakou

t of each general each exam topic will be listed with percentage.

Receiving Your Hard Cover Certificate

If you pass the exam you’ll  get hard cover certificate. Just wait around 6-8 weeks for your certificate mailed to the address you provided during exam. Make sure to save it in safe place.

In case you don’t receive your certificate, visit this address :

http://ciscocert.force.com

and submit your case.

Next CCNA Certification Level

You can add CCNA in your curriculum vitae and if you eager to learn more challenge you might take more advance Cisco Certification like : CCNA Security
, CCNA Voice

and CCNA Wireless .

If you failed the exam

I hopeyou don’t but if you do, you must wait for 5 work days before take a retest. (of course you must pay again for this test and contact pass4sure and tell your failed to get full refund of your purchasing fee).

Happy studying and earn your CCNA certification.

Howto Check named configuration error

named can’t start its daemon and left me with nothing than confuse.

# /etc/init.d/bind9 restart

* Stopping domain name service… bind9                                                                                     rndc: connect failed: 127.0.0.1#953: connection refused
[ OK ]
* Starting domain name service… bind9                                 [fail]

fail message don’t give a clue, further investigation with named manual lead me to -g and -p .

Retry to see the error message :

# named -g -p 53

22-Jul-2010 07:34:10.333 starting BIND 9.7.0-P1 -g -p 53
22-Jul-2010 07:34:10.333 built with ‘–prefix=/usr’ ‘–mandir=/usr/share/man’ ‘-                                             -infodir=/usr/share/info’ ‘–sysconfdir=/etc/bind’ ‘–localstatedir=/var’ ‘–enable-threads’ ‘–enable-largefile’ ‘–with-libtool’ ‘–enable-shared’ ‘–enable-static’ ‘–with-openssl=/usr’ ‘–with-gssapi=/usr’ ‘–with-gnu-ld’ ‘–with-dlz-postgres=no’ ‘–with-dlz-mysql=no’ ‘–with-dlz-bdb=yes’ ‘–with-dlz-filesystem=yes                                             ‘ ‘–with-dlz-ldap=yes’ ‘–with-dlz-stub=yes’ ‘–with-geoip=/usr’ ‘–enable-ipv6                                             ‘ ‘CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2’ ‘LDFLAGS=-Wl,-Bsymbolic-funct                                             ions’ ‘CPPFLAGS=’
22-Jul-2010 07:34:10.333 adjusted limit on open files from 1024 to 1048576
22-Jul-2010 07:34:10.333 found 4 CPUs, using 4 worker threads
22-Jul-2010 07:34:10.333 using up to 4096 sockets
22-Jul-2010 07:34:10.340 loading configuration from ‘/etc/bind/named.conf’
22-Jul-2010 07:34:10.340 /etc/bind/named.conf.local:16: expected quoted string near ‘.’
22-Jul-2010 07:34:10.341 loading configuration: unexpected token
22-Jul-2010 07:34:10.341 exiting (due to fatal error)

I see, I made mistake in named.conf.local (expected quoted string)

View the error

# nano /etc/bind/named.conf.local

Save the file after editing and start bind9

# /etc/init.d/bind9 start

* Starting domain name service… bind9                                                          [ OK ]
#

Perfecto!

How to use filter in google apps email

I hate spam and more when they know my real email address.

But I need solution to stop them. Currently I use Google Apps service which use the same engine as gmail minus a few feature.

First step I use is using ‘Report Spam’ that available in each email display.

This solution is not help me to combat unwanted email that force me to join their mailing list until I use filter.

Yes, the same filter that gmail use.

First : copy and paste the email address.

Continue reading