Folks,

The more we dig into this the more it looks like besides the problems that I was aware of,
there is something that was randomly failing in the PeopleSoft environment.  Therefore, this
change will not be happening tomorrow morning.

Frank

On 12/20/11 11:54 AM, Francis Swasey wrote:
> The problem this morning was the radius and chat servers were not completely updated to deal
> with the new certificate, so we rolled ldap.uvm.edu back to the old certificate.  We are
> working on fixing that and will roll the ldap.uvm.edu servers to the new certificate again
> tomorrow morning.
>
> The difference this time is that tomorrow we are going to remove one of the servers from the
> ldap.uvm.edu pool and will be able to cause broken systems to be serviced by that server while
> they are being fixed.
>
> I will roll the ldap.uvm.edu systems to the new certificate between 6:45 and 7:00 tomorrow morning.
>
> Frank
>
> On 12/20/11 7:47 AM, Francis Swasey wrote:
>> This change has failed.  We are rolling back the ldap.uvm.edu portion because too many systems
>> failed.  We'll regroup and try again soon.
>>
>> Frank
>>
>> On 12/12/11 9:23 AM, Francis Swasey wrote:
>>> On Tuesday, December 20, 2011 between 6:30AM and 7:30AM, the SSL certificate used by
>>> ldap.uvm.edu and ldaprw.uvm.edu will be replaced. 
>>>
>>> Since we deployed ldap.uvm.edu in 2002, we've been using a UVM created non-globally recognized
>>> certificate.  That has required that people who wanted to authenticate to ldap.uvm.edu (and
>>> ldaprw.uvm.edu) have had to do unique customizations to their applications to work with the UVM
>>> created SSL certificate.  Therefore, there does exist the possibility that this change will be
>>> disruptive.  We believe that we have discovered and coordinated with all parties that are
>>> responsible for applications that will be affected by this change.  We are not positive we have
>>> been 100% successful in that contact though.
>>>
>>> If you are responsible for an application that makes an SSL connection to ldap.uvm.edu or
>>> ldaprw.uvm.edu and you have not been in contact with me and tested your application, please be
>>> in contact with me this week and I will set you up to test against the test server.
>>>

-- 
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)