Wednesday, April 5, 2006

Certificate Expiration Dates #2

A quick fix for an expired simple mode cert is to simply copy the 3 .pem files from the ../config/simple directory of a component that is still working, and restart the service. These certificate files are completely interchangeable within an environment (I think that the only requirement is that they need to be generated using the same passphrase). When copying between Access and Identity components, be sure to change the file name prefix (ois/aaa).

To quickly identify the expiry date of a simple mode certificate on a Windows system, make a copy of the cert file (ois_cert.pem or aaa_cert.pem), rename the extension to .cer, and double-click it.
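The same check can be scripted instead of double-clicking each file. The following PowerShell is an added example, not part of the original post: it loads each `*_cert.pem` (covering both the `ois_` and `aaa_` prefixes) with the .NET `X509Certificate2` class and reports the expiry date. The function name, the 30-day warning threshold, and the two directory paths are assumptions; point the paths at each component's own config\simple folder.

```powershell
# Added example: report the expiry of simple mode certificates (ois_cert.pem / aaa_cert.pem).
function Get-SimpleModeCertExpiry {
    param(
        [Parameter(Mandatory)] [string[]] $SimpleDir,   # one config\simple folder per component
        [int] $WarnDays = 30                            # assumed warning threshold, not from the post
    )
    $now = Get-Date
    foreach ($dir in $SimpleDir) {
        # Matches both file name prefixes used by the components: ois_ and aaa_
        $files = Get-ChildItem -Path $dir -Filter '*_cert.pem' -File -ErrorAction SilentlyContinue
        if (-not $files) {
            Write-Warning "No *_cert.pem found in $dir"
            continue
        }
        foreach ($f in $files) {
            try {
                # On Windows this constructor accepts a PEM (Base64) encoded certificate file
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $f.FullName
            } catch {
                Write-Warning "Could not parse $($f.FullName): $($_.Exception.Message)"
                continue
            }
            $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
            [pscustomobject]@{
                File       = $f.FullName
                NotAfter   = $cert.NotAfter      # shown in local time
                DaysLeft   = $daysLeft
                Status     = if ($daysLeft -lt 0) { 'EXPIRED' }
                             elseif ($daysLeft -le $WarnDays) { 'EXPIRING' }
                             else { 'OK' }
                Thumbprint = $cert.Thumbprint    # identical thumbprint = identical certificate
            }
        }
    }
}

# Hypothetical install locations; replace with the real component directories.
Get-SimpleModeCertExpiry -SimpleDir @(
    'C:\IdentityServer\config\simple',
    'C:\AccessServer\config\simple'
) | Sort-Object NotAfter | Format-Table -AutoSize
```

Comparing the Thumbprint column across rows shows whether two components are actually running with the same certificate after files have been copied between them.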

Also see: NulliBlogs - COREid Nitty-Gritty: Certificate Expiration Dates

1 comment:

  1. Just another note: if you have COREid -> Access Server Cache flush enabled, MAKE SURE that the certs are the same for the Access and Identity systems. Otherwise, the communication between servers will fail.
