I’ve recently experienced some challenges releated to expired eDirectory SSL certificated on my Netware and OES servers. I came across TIDs 10098567 and 3814248, which describe methods of querying eDirectory via LDAP to find expired or soon to be expired certificates.
I was going to give these methods a try until I realized they required adding attributes to eDirectory by extending the schema. I’m not wanting to rock the boat right now, so doing anything that could potentially have a negative impact on network availability is something I want to avoid.
Here’s the manual way I searched for eDirectory certificates. I verified their expiration dates manually, which is a boring and repetative (but safe) procedure.
- Launch ConsoleOne
- Highlight the NDS tree to search
- From the Edit menu select Find
- Check the Search Subcontainers check box
- Set Find Type: Advanced
- Select [Object Type] = NDSPKI:Key Material
- Press Find
- Right click on a certificate object and select Properties
- On the Certificates tab, Select Public Key Certificate. Note the expiration date.
Also see TID 7000075, which states OES SSL certificates expire two years after installation by default.