Question : eDirectory Certificate Server SSL Error

We have a product that have pulls eDirectory user accounts on a scheduled basis.  However, we are encountering two issues:

>>>> When SSL is enabled on the product an error comes up when a sync is performed "...one of the certificates on the directory server is expired.  Please delete all expired certificates and try again..."  
I've ran PKI diag and it created a new SSL IP and SSL DNS objects in eDirectory for the configured server.  I've also checked the KMO object and it does not expire until 2014 or so for both the private and public keys.  I do see IP AG servername and DNS AG servername objects in eDirectory which have expired public key certs though I am not too sure what those are for.


>>>> With the same product, we can only sync with a group in eDirectory.  Selecting OUs and the entire tree does not work.  

Answer : eDirectory Certificate Server SSL Error

You will need to extract the TrustedRoot certificate for eDirectory and replace this with the old  certificate in your application. Check the configuration files and replace the newly cert in your application.