I started getting SSL errors with my Zimbra mail server despite having a valid SSL certificate everywhere I knew where to check. When I tried to use
zmcontrol status I got this error:
Unable to start TLS: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed when connecting to ldap master.
Eventually I found this blog post explaining the problem – it’s with the LDAP component in Zimbra. You have to switch it from ldap to ldaps. Why did this change? I do not know.
ZIMBRA_HOSTNAME=_your_mail_server_dns_hostname_ sudo -u zimbra bash zmlocalconfig -e ldap_master_url=ldaps://$ZIMBRA_HOSTNAME:636 zmlocalconfig -e ldap_url=ldaps://$ZIMBRA_HOSTNAME:636 zmlocalconfig -e ldap_starttls_supported=0 zmlocalconfig -e ldap_port=636 zmcontrol stop zmcontrol start
This did the trick. The errors went away.