I'm having some trouble to replace a expired eDir certificate in my
driverset. The DSTrace tool show me the following log messages :
> <nds dtdversion="4.0">
> <source>
> <product instance="ConnecteurNDS" version="">DirXML Driver for
> eDirectory</product>
> <contact>Novell, Inc.</contact>
> </source>
> <output>
> <status
> event-id="iam-edir-test#20150116090521#99#1:ae7eb952-2e7d-4789-d689-52b97eae7d2e"
> level="retry" type="app-connection">java.io.IOException:* SSL handshake
> failed, X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired*</status>
> </output>
> </nds>
> [01/21/2015 9:27:21.770] ConnecteurNDS ST:Applying schema mapping
> policies to input.
> [01/21/2015 9:27:21.771] ConnecteurNDS ST:Applying policy: mapping.
> [01/21/2015 9:27:21.771] ConnecteurNDS ST:Resolving association
> references.
> [01/21/2015 9:27:21.772] ConnecteurNDS ST:Requesting 30 second retry
> delay.
> [01/21/2015 9:27:21.772] ConnecteurNDS ST:
> DirXML Log Event -------------------
> Driver: \IDV\system\DriverSet\ConnecteurNDS
> Channel: Subscriber
> Status: Retry
> Message: Code(-9006) The driver returned a "retry" status
> indicating that the operation should be retried later. Detail from
> driver: java.io.IOException: SSL handshake failed,
> X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired

Witch seams clearly to me, the certificate that the driver uses to
communicate has expired. First I try to search the driver properties
(with iManager) to search for the certificate used and then check if
it's ok and if not (witch I'm assuming it's the case) replace it with a
new one, that I would create in Novell Certificate Server.

As I found nothing in the driver properties, I found the link 'Securing
Driver Communication' (http://tinyurl.com/kpgrvuh) from Novell's
website, but I didn't understand exactly how to do it with my driver.

In my case I have the IDVault that is connected to an eDirectory (so
just one driver), and when I go to NDS-to-NDS Driver Certificates, it
ask me for two driver's DN

How can I create a new certificate and replace the old one ?

Thanks in advance for your help,

MuadDib_II's Profile: https://forums.netiq.com/member.php?userid=8754
View this thread: https://forums.netiq.com/showthread.php?t=52632