The more we dig into this the more it looks like besides the problems that I was aware of,
there is something that was randomly failing in the PeopleSoft environment. Therefore, this
change will not be happening tomorrow morning.
On 12/20/11 11:54 AM, Francis Swasey wrote:
> The problem this morning was the radius and chat servers were not completely updated to deal
> with the new certificate, so we rolled ldap.uvm.edu back to the old certificate. We are
> working on fixing that and will roll the ldap.uvm.edu servers to the new certificate again
> tomorrow morning.
> The difference this time is that tomorrow we are going to remove one of the servers from the
> ldap.uvm.edu pool and will be able to cause broken systems to be serviced by that server while
> they are being fixed.
> I will roll the ldap.uvm.edu systems to the new certificate between 6:45 and 7:00 tomorrow morning.
> On 12/20/11 7:47 AM, Francis Swasey wrote:
>> This change has failed. We are rolling back the ldap.uvm.edu portion because too many systems
>> failed. We'll regroup and try again soon.
>> On 12/12/11 9:23 AM, Francis Swasey wrote:
>>> On Tuesday, December 20, 2011 between 6:30AM and 7:30AM, the SSL certificate used by
>>> ldap.uvm.edu and ldaprw.uvm.edu will be replaced.
>>> Since we deployed ldap.uvm.edu in 2002, we've been using a UVM created non-globally recognized
>>> certificate. That has required that people who wanted to authenticate to ldap.uvm.edu (and
>>> ldaprw.uvm.edu) have had to do unique customizations to their applications to work with the UVM
>>> created SSL certificate. Therefore, there does exist the possibility that this change will be
>>> disruptive. We believe that we have discovered and coordinated with all parties that are
>>> responsible for applications that will be affected by this change. We are not positive we have
>>> been 100% successful in that contact though.
>>> If you are responsible for an application that makes an SSL connection to ldap.uvm.edu or
>>> ldaprw.uvm.edu and you have not been in contact with me and tested your application, please be
>>> in contact with me this week and I will set you up to test against the test server.
Frank Swasey | http://www.uvm.edu/~fcs
Sr Systems Administrator | Always remember: You are UNIQUE,
University of Vermont | just like everyone else.
"I am not young enough to know everything." - Oscar Wilde (1854-1900)