2020-04-05 11:00:00

2020-04-05 13:00:00

Closed

On Sunday, April 5, 2020, between 7:00am and 9:00am, the Enterprise Directory (LDAP) server’s intermediate USERTrust certificate will be upgraded.

If users have a client which relies on the current cert chain or if they use the root cert from a local copy, they should test their test configuration against the current test load balancer (eg. test.directory.cornell.edu) after the implementation date. This should only affect a very small number of consumers.

Cornell's Enterprise Directory server's intermediate USERTrust certificate is expiring and needs to be upgraded. These are the current (old), soon to be decommissioned servers. The cert is going to expire before Identity Management has the new directory servers mentioned in a previous communication fully deployed.

On Sunday, April 5, 2020, between 7:00am and 9:00am, the Enterprise Directory (LDAP) server’s intermediate USERTrust certificate will be upgraded.

For reference, DNS names that resolve to the current test environment load balancer are as follows:
• test.directory.cornell.edu
• testmaster.directory.cornell.edu
• testha.directory.cornell.edu
• testquery.directory.cornell.edu

Cert Changes
The cert chain has changed. Instead of a list of four certs, the chain will include three, with USERTrust RSA being root. If you have a client that relies on the current cert chain or if you use the root cert from a local copy, please test your test configuration against the load balancer after the implementation date.

This is not Cornell's Active Directory
These changes do not involve Cornell's Active Directory. Active directory LDAP servers reside within the *.ad.cornell.edu domain. E.g. query.ad.cornell.edu, testquery.ad.cornell.edu, lds.ad.cornell.edu, etc.

Please provide feedback for any concerns to idmgmt@cornell.edu.

CRQ000001037334