----- "Ivan Ordonez" iordonez@nature.berkeley.edu wrote:
Looking at the debug log, it is expired. It puzzle me because the certs on the other two machine are working correctly.
Check their expiry dates with:
openssl x509 -in /usr/local/etc/openldap/ldap-slave_cert.pem -text
Since this is the case (certificate expires), is it safe to create a new one for this machine?
Of course, then sign it with the cacert, something like:
./CA.sh -newreq ./CA.sh -sign