The problem this morning was the radius and chat servers were not completely updated to deal
with the new certificate, so we rolled back to the old certificate.  We are
working on fixing that and will roll the servers to the new certificate again
tomorrow morning.

The difference this time is that tomorrow we are going to remove one of the servers from the pool and will be able to cause broken systems to be serviced by that server while
they are being fixed.

I will roll the systems to the new certificate between 6:45 and 7:00 tomorrow morning.


On 12/20/11 7:47 AM, Francis Swasey wrote:
> This change has failed.  We are rolling back the portion because too many systems
> failed.  We'll regroup and try again soon.
> Frank
> On 12/12/11 9:23 AM, Francis Swasey wrote:
>> On Tuesday, December 20, 2011 between 6:30AM and 7:30AM, the SSL certificate used by
>> and will be replaced. 
>> Since we deployed in 2002, we've been using a UVM created non-globally recognized
>> certificate.  That has required that people who wanted to authenticate to (and
>> have had to do unique customizations to their applications to work with the UVM
>> created SSL certificate.  Therefore, there does exist the possibility that this change will be
>> disruptive.  We believe that we have discovered and coordinated with all parties that are
>> responsible for applications that will be affected by this change.  We are not positive we have
>> been 100% successful in that contact though.
>> If you are responsible for an application that makes an SSL connection to or
>> and you have not been in contact with me and tested your application, please be
>> in contact with me this week and I will set you up to test against the test server.

Frank Swasey                    |
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)