Hi all,

I've been hacking on this for hours and hours.

My subscriber (LDAP tree) eDir server's eDir-to-eDir cert expired. I've been working since then on getting new certs. No matter what I do, my LDAP tree driver says:

Driver: \SMITH_TREE\SC\driverset\LDAPToVault
Channel: Subscriber
Status: Retry
Message: Code(-9006) The driver returned a "retry" status indicating that the operation should be retried later. Detail from driver: java.io.IOException: SSL handshake failed, SSL_ERROR_SYSCALL, error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
[02/12/18 18:12:24.552]:LDAPToVault ST:Requesting 30 second retry delay.

I've tried to update them using Designer (but it doesn't seem to be creating the certs in the tree, so that doesn't help).

I've tried to create them in iManager, with, I believe, recent plugins, but:
- from the LDAP side, it doesn't seem to make a difference
- from the vault side, I get this charming error:

Error: Driver Wizard - Error
The following 'Exception' was thrown but not handled.

''Unable to create the certificates. The following error occurred: java.lang.ClassFormatError: com/novell/security/japi/pki/NPKI_Extension''.

It's true that my LDAP tree hasn't been updated to the latest IDM version - my update schedule got hijacked. So it's still running 4.0.x. But if that were the problem, why was it working before the cert expired?

If I use s_client to connect to the servers on port 8192, the certs look clean.

And I did delete the existing certs before trying to regenerate them.

So, other than shooting myself, does anyone have suggestions?

Not a happy camper