----- "Ivan Ordonez" iordonez@nature.berkeley.edu wrote:

Looking at the debug log, it is expired. It puzzle me because the certs on the other two machine are working correctly.

Check their expiry dates with:

openssl x509 -in /usr/local/etc/openldap/ldap-slave_cert.pem -text

Since this is the case (certificate expires), is it safe to create a new one for this machine?

Of course, then sign it with the cacert, something like:

./CA.sh -newreq ./CA.sh -sign