Dear All,
I am quite busy during this months and I am not following the community (sorry about that to all users). Today I found the time to upgrade XG to latest MR (from 17 MR1 to MR2) and the POPIMAP daemon does not start.
See the screenshot.
Running services -S from advanced shell reports this status:
The warren service does not start. If I try to start it using the service command, the output is:
service warren:start -dsnosync503 Service Failed
More info from warren.log file:
Regards
Hi Luk,
Check the certificate binding for IMAPS/POPS in your config.
The default is to use the SecurityAppliance CA certificate.
Here's the extract from a working /cfs/prxoy/warren/conf/policy.conf file (removing the ssl_password entry):
POPS_IMAPS_SSL { ssl_deny_invalid_cert off ssl_trusted_cacert_dir "/conf/certificate/cacerts/" ssl_cert_file "/conf/certificate/cacerts/SecurityAppliance_SSL_CA.pem" ssl_key_file "/conf/certificate/caprivate/SecurityAppliance_SSL_CA.key" ssl_password "*****" OEM_value "SecurityAppliance"}
ChrisKnight,
the certificate used by XG depends on the initial configuration. Mine is coming from v15 and default CA was used since then. Anyway I was able to fix it by switching to default_SSL_CA, restart the warren service from advanced shell, switch back the default CA and then restart the service again.
During the upgrade, the XG lost something.
It was working good since MR1.
hi,
thank you for feedback.
Please share the backup of the appliance. I am sharing my email id on PM.
Regards,
Deepti
Sent a PM.
The upgrade screwed over the policy.conf file.
There's no way you should have the private key for a third party public CA certificate. If you do then someone's CA signing and distribution process is horribly, horribly broken.
I'm about to come to the conclusion the only reliable way to upgrade XG is to Backup, then wipe all configs to zero, upgrade, then import backup.