getting the following moving a mailbox to a new server using the zmmailboxmove CLI cmd:
Error occurred: system failure: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
checked the ts on all the server and they are all correct, I set the TZ correctly during installation of the new server.
this is prob an easy fix or something I am over looking, but I am in a crunch to get some mailboxes moved before a power loss to the existing building
thanks

which cert is validated for the mailmove?
I see my master server has certs that are expired for MTA and LDAP, but have been expired since March .... (not sure why they weren't created for 2 yrs like the mailboxd) .... but do I have to recreate the these for this to work? Or am I looking in the wrong place.
Here is the list of dates/certs from the admin console:
Server1 MTA:
Validation Days: Mar 11 15:20:21 2007 GMT - Mar 10 15:20:21 2008 GMT
Server1 mailboxd:
Validation Days: Mar 11 15:20:21 2007 GMT - Mar 10 15:20:21 2009 GMT
Server1 ldap:
Validation Days: Mar 11 15:20:21 2007 GMT - Mar 10 15:20:21 2008 GMT
Server 2 (new):
Certificate for Zimbra ldap Service:
Validation Days: Jul 9 18:37:58 2008 GMT - Jul 9 18:37:58 2009 GMT
Certificate for Zimbra mailboxd Service:
Validation Days: Jul 9 18:37:58 2008 GMT - Jul 9 18:37:58 2009 GMT
Certificate for Zimbra mta Service:
Validation Days: Jul 9 18:37:58 2008 GMT - Jul 9 18:37:58 2009 GMT
Certificate for Zimbra proxy Service:
Validation Days: Jul 9 18:37:58 2008 GMT - Jul 9 18:37:58 2009 GMT

cannot even backup my newly installed server zmbackup -f -a all -s server.name.com ... get same timestamp check failed....
5.0.7 on RHEL4 - clean install, everything installed but LDAP .... the ReplicaLDAP (ldap only) backs up just fine.
so much for having one domain moved to the new server by tomorrow

created new certificates to replace the two that had expired... waiting on a time to be able to cycle the server, I can see the new certs in the admin console, still getting same error when trying to backup (or anything for that matter) ....
In the instructions ::
this line didn't work: /opt/zimbra/bin/zmcertmgr deploycrt self
I compared the files with the ldap contents and ended up running zmprov for each (like 4.x). Hope there isn't something else the new one does that I am missing now.
and the chmod 644 to the keystores, had to do that, where v5 is says it doesn't and skip that step ...

just an update - that was it - for that error anyway ... getting backups again... I couldn't find partial instructions on transferring/creating new keys from the new ca on other servers in a multiple server environment, not that big an issue on ldap replica, but my new server I tried partial instructions from the full version and apparently messed up ... I got the error of wrong server when using mailboxmove and read it was with the tomcat ssl (well jetty I guess for 5 but couldn't find exact instructions for 5) so used the path from the ssl instructions to export from both servers, but on import of the new server I got an error of the keystore being tampered with, blah blah ... and at 1am, I just started a new install with that box ... at least it was new and there were no mailboxes on it ....
my test user wouldn't get mail from the new server after all that, kept getting lost connection for reason in the queue and the error was like the mailboxmove in the mailbox.log (wrong server, you want) ... deleting the mailbox and creating a new fixed the issue ...
back to sending mail in/out of my test box, then will try the mailboxmove again ...
I guess the "bigger" question I have... why if two keys expired in March, did it not complain until after the upgrade to 5.0.7??? Someone fix/add this check?