Christopher Wood wrote: > You can use certutil to manually modify the cert stores. If you installed via rpm this will already be on your systems. > > Not at my work systems so I don't recall which package it's in. nss-tools. Do you already have the new certificate? If you have it in PKCS#12 format then you can use pk12util to load it into the appropriate NSS database (I'm not sure where the admin server db is, you should be able to find it in the admin server configuration). If you have an updated certificate in the 389-ds NSS database under a different nickname and you just need to tell it to use the new one you can edit /etc/dirsrv/slapd-INSTANCE/dse.ldif and tell it the nickname to use. Look for nsSSLPersonalitySSL rob > On Tue, Mar 01, 2011 at 07:27:53PM -0800, jon heise wrote: >> Recently i had ssl certs expire on my directory servers, currently i have >> one running without using an ssl cert, the secondary server is still set >> to use the old cert and as such it is not functioning.ï On the primary >> server the admin server has been set to use a new self signed cert but we >> are locked out of that.ï Is there a way to change what cert the ldap >> server will load without the use of the admin server ? > >> -- >> 389 users mailing list >> 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/389-users > > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users