Howto: Find eDirectory SSL certificates and determine when they expire

I’ve recently experienced some challenges releated to expired eDirectory SSL certificated on my Netware and OES servers.  I came across TIDs 10098567 and 3814248, which describe methods of querying eDirectory via LDAP to find expired or soon to be expired certificates.  

I was going to give these methods a try until I realized they required adding attributes to eDirectory by extending the schema.  I’m not wanting to rock the boat right now, so doing anything that could potentially have a negative impact on network availability is something I want to avoid.

Here’s the manual way I searched for eDirectory certificates.  I verified their expiration dates manually, which is a boring and repetative (but safe) procedure. 
  1. Launch ConsoleOne
  2. Highlight the NDS tree to search
  3. From the Edit menu select Find
  4. Check the Search Subcontainers check box
  5. Set Find Type: Advanced
  6. Select [Object Type] = NDSPKI:Key Material
  7. Press Find
  8. Right click on a certificate object and select Properties
  9. On the Certificates tab, Select Public Key Certificate.  Note the expiration date.
 Also see TID 7000075, which states OES SSL certificates expire two years after installation by default.

Leave a Reply

Your email address will not be published. Required fields are marked *