I kind of left the IDM gig at v3.61, and have been thrust in it again a
bit, so their may be some lapse in some new procedures on my part.

But I am at a fully patched IDM 4.5 system on rhel6. In trying to get
the edirtoedir SSL connection working through Designer(mutual trust), I
always get ssl errors when the drivers start to talk as seen on
ndstrace. I can post later--on the road.

I have even blown away both CAs in both Trees and re-created without a
CRL--which in the very long past ago would give me issues in 3.61. And
even in those days I would sometimes manually cross sign the edir certs
to each Tree using ConsoleOne. Cant do that anymore I suppose.

Designer throws no errors when creating the cert. It just doesn't work.
Manually creating a cert in each Tree using iManager works and can be

Am I running into any issue regarding SSLv3 being disabled and some
manual procedures or conf settings are having to be done somewhere?

One thing I will say is my Drivers are actually 3.61 versions that were
exported and imported into this system. So IDM engine/eDirectory is all
completely patched, but running eDir drivers that were imported from a
3.61 system--ie they have not been reconfigured yet for v4x. Perhaps
that conversion sets something with SSL?


mtsjej's Profile: https://forums.netiq.com/member.php?userid=6351
View this thread: https://forums.netiq.com/showthread.php?t=55131