I have a query regarding the replacement of the AD Driver SSL
certificate. I am comfortable with the basic process and have completed
this before. But since the last time the certificate was issued we have
changed our Novell Organizational CA so that it is now a Subordinate CA
to our MS CA.

I am happy that I need to create a new SSL certificate on the server
that hosts the AD Driver and change the KMO name in the connection
string. I have done that before.

My question is do I need to update the .b64 trusted certificate in the
keystore on the Remote Loader Server. This has the name of our Org CA,
which has not changed at all as we kept it the same when we made it
subordinate. The reason I ask this is that there is no longer a self
signed certificate associated with the Org CA as it has a new cert
signed by the MS CA. Note that the Remote Loader is running on a DC
which is also performing the MS CA role.

Any advice would be appreciated as I need to get this done in the next
day or two.


Stuart Kett

Big_Stu's Profile: https://forums.netiq.com/member.php?userid=299
View this thread: https://forums.netiq.com/showthread.php?t=52742