Howto: Find eDirectory SSL certificates and determine when they expire


I’ve recently experienced some challenges related to expired eDirectory SSL certificates on my NetWare and OES servers.  I came across TIDs 10098567 and 3814248, which describe methods of querying eDirectory via LDAP to find expired or soon to be expired certificates.  

I was going to give these methods a try until I realized they required adding attributes to eDirectory by extending the schema.  I’m not wanting to rock the boat right now, so doing anything that could potentially have a negative impact on network availability is something I want to avoid.

Here’s the manual way I searched for eDirectory certificates.  I verified their expiration dates manually, which is a boring and repetitive (but safe) procedure. 
  1. Launch ConsoleOne
  2. Highlight the NDS tree to search
  3. From the Edit menu select Find
  4. Check the Search Subcontainers check box
  5. Set Find Type: Advanced
  6. Select [Object Type] = NDSPKI:Key Material
  7. Press Find
  8. Right click on a certificate object and select Properties
  9. On the Certificates tab, Select Public Key Certificate.  Note the expiration date.

Also see TID 7000075, which states OES SSL certificates expire two years after installation by default.
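
To take the eyeballing out of step 9, here is an added example (not part of the original post): assuming each Public Key Certificate has been saved as a DER file, this Python code reads the notAfter date straight from the certificate and flags anything expired or inside a warning window. The function names, the 60-day window and the sample certificate skeleton are constructed for illustration.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf):
    """Return [(tag, value_bytes), ...] for the DER elements packed in buf."""
    out, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        out.append((tag, buf[start:end]))
        pos = end
    return out

def not_after(der):
    """Certificate -> tbsCertificate -> validity -> notAfter, as a UTC datetime."""
    tbs = children(children(der)[0][1])[0][1]
    fields = [f for f in children(tbs) if f[0] != 0xA0]  # skip optional [0] version
    tag, text = children(fields[3][1])[1]  # fields: serial, sigAlg, issuer, validity
    text = text.decode("ascii")
    if tag == 0x17:  # UTCTime has a two-digit year; RFC 5280 pivots at 50
        text = ("20" if int(text[:2]) < 50 else "19") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def expiry_status(der, now, warn_days=60):
    """Classify a certificate as EXPIRED, EXPIRING (within warn_days) or OK."""
    left = (not_after(der) - now).days
    return "EXPIRED" if left < 0 else "EXPIRING" if left <= warn_days else "OK"

def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length, enough for the sample

def sample_cert(not_after_text):
    """Constructed skeleton (no real key or signature), for demonstration only."""
    validity = tlv(0x30, tlv(0x17, b"230101000000Z") + tlv(0x17, not_after_text))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 2 + validity
    return tlv(0x30, tlv(0x30, tbs))

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so the output is stable
    for text in (b"241231235959Z", b"250201000000Z", b"270101000000Z"):
        print(text.decode(), expiry_status(sample_cert(text), now))
```

For real certificates, pass the bytes of each DER file to `expiry_status` together with `datetime.now(timezone.utc)`.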
