Hi, everyone.

I have client with a BorderManager 3.8 S2S VPN that was set up two years ago
Monday. Single eDirectory tree - originally the slave server was built at
the main site and the server certificate for the slave side of the tunnel
was created without issue. Client called on Monday and you guessed it -
certificates had expired and the tunnel went down. I was able to create a
replacement certificate for the master server and the main site tunnel side
appears to be up once again, but because the server cert at the slave site
has expired at the same time, we can not get that end back up. When the
client tries to re-generate the server cert out there, she get an error. The
system correctly tells her that it can not find the server that is acting as
the certificate authority (because it is on the other side of the collapsed
VPN tunnel).

Is there a way we can create a new server certificate for the server at the
slave site from the main site, without having to bring the slave server back
to the main site? I am worried about corrupting the NDS replica ring by
bringing the server back and changing its IP to allow it onto the main
site's network (not to mention the hassle of moving the server back and
forth just to create a replacement certificate).

Any suggestions?

Thanks in advance,