故障现象：

#su - zimbra

$zmcontral status

提示：

1. Unable to determine enabled services from ldap.

2. Enabled services read from cache. Service list may be inaccurate.

出现这些情况的原因主要有四种，很可能为证书过期或失效这种原因，解决这个问题的方法其实也非常简单，就是重新签发ZCS证书即可，下面就讲一下证书签发的过程及情况，其他原因造成ZCS因LDAP问题无法启动部分服务的原因我会有空时发帖总结，谢谢支持。

分为两种情况：
一 ZCS服务正常，但想延长证书使用的时间；
用root执行里下命令，签发一个可以使用20年的证书。

执行完成后重启postfix服务即可生效，命令为：#postfix reload。
二 、如果ZCS服务已经无法全部启动，那么先停止ZCS服务，执行以上命令后，再启动ZCS服务即可。

经测试，签发20年的证书全部成功，签发50年的证书可能会失败。
下面为签发的过程（此过程中有部分failed，仅供参考，实际成功签发时代码不同）：

[root@mail ~]#  /opt/zimbra/bin/zmcertmgr createca -new

** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done

** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.

** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.

[root@mail ~]# /opt/zimbra/bin/zmcertmgr deployca

** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.

** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.

** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.

** Copying CA to /opt/zimbra/conf/ca...done.

[root@mail ~]# /opt/zimbra/bin/zmcertmgr createcrt -new -days 7300

Validation days: 7300

** Creating /opt/zimbra/conf/zmssl.cnf...done

** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130813223625

** Generating a server csr for download self -new -keysize 1024

** Creating /opt/zimbra/conf/zmssl.cnf...done

** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20130813223625

** Retrieving Commercial CA cert from ldap...failed.

** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

** Saving server config key zimbraSSLPrivateKey...failed.

** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr...done.

[root@mail ~]# /opt/zimbra/bin/zmcertmgr deploycrt self

** Saving server config key zimbraSSLCertificate...failed.

** Saving server config key zimbraSSLPrivateKey...failed.

** Installing mta certificate and key...done.

** Installing slapd certificate and key...done.

** Installing proxy certificate and key...done.

** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done.

** Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done.

** Installing CA to /opt/zimbra/conf/ca...done.

[root@mail ~]# /opt/zimbra/bin/zmcertmgr viewdeployedcrt

::service mta::

notBefore=Aug 13 14:36:34 2013 GMT

notAfter=Aug  8 14:36:34 2033 GMT

subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

SubjectAltName=

::service proxy::

notBefore=Aug 13 14:36:34 2013 GMT

notAfter=Aug  8 14:36:34 2033 GMT

subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

SubjectAltName=

::service mailboxd::

notBefore=Aug 13 14:36:34 2013 GMT

notAfter=Aug  8 14:36:34 2033 GMT

subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

SubjectAltName=

::service ldap::

notBefore=Aug 13 14:36:34 2013 GMT

notAfter=Aug  8 14:36:34 2033 GMT

subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.test.gd.cn

SubjectAltName=

[root@mail ~]# ::service ldap::

-bash: ::service: command not found

[root@mail ~]# su - zimbra

[zimbra@mail ~]$ zmcontrol start

Host mail.test.gd.cn

Starting ldap...Done.

Starting zmconfigd...Done.

Starting logger...Done.

Starting mailbox...Done.

Starting antispam...Done.

Starting antivirus...Done.

Starting snmp...Done.

Starting spell...Done.

Starting mta...Done.

Starting stats...Done.

You have new mail in /var/spool/mail/zimbra