Skip to main content

Scheduled Service Change: Upgrade of Enterprise Directory Test Env. New Intermed. Certificate, 4/5/20

Event:
2020-04-05 07:00:00
Expected Duration:
2020-04-05 09:00:00
Status:
Closed
Brief Description:
On Sunday, April 5, 2020, between 7:00am and 9:00am, the Enterprise Directory (LDAP) server’s intermediate USERTrust certificate will be upgraded.
User Impact:
If users have a client which relies on the current cert chain or if they use the root cert from a local copy, they should test their test configuration against the current test load balancer (eg. test.directory.cornell.edu) after the implementation date. This should only affect a very small number of consumers.
Services Affected:
Network
Full Description:
Cornell's Enterprise Directory server's intermediate USERTrust certificate is expiring and needs to be upgraded. These are the current (old), soon to be decommissioned servers. The cert is going to expire before Identity Management has the new directory servers mentioned in a previous communication fully deployed.

On Sunday, April 5, 2020, between 7:00am and 9:00am, the Enterprise Directory (LDAP) server’s intermediate USERTrust certificate will be upgraded.

For reference, DNS names that resolve to the current test environment load balancer are as follows:
• test.directory.cornell.edu

• testmaster.directory.cornell.edu
• testha.directory.cornell.edu
• testquery.directory.cornell.edu

Cert Changes
The cert chain has changed. Instead of a list of four certs, the chain will include three, with USERTrust RSA being root. If you have a client that relies on the current cert chain or if you use the root cert from a local copy, please test your test configuration against the load balancer after the implementation date.

This is not Cornell's Active Directory
These changes do not involve Cornell's Active Directory. Active directory LDAP servers reside within the *.ad.cornell.edu domain. E.g. query.ad.cornell.edu, testquery.ad.cornell.edu, lds.ad.cornell.edu, etc.

Please provide feedback for any concerns to idmgmt@cornell.edu.
CIT TDX ID:
CRQ000001037334



Timeline of Changes

Description Current Status Date Time
Cornell's Enterprise Directory server's intermediate USERTrust certificate is expiring and needs to be upgraded. These are the current (old), soon to be decommissioned servers. The cert is going to expire before Identity Management has the new directory servers mentioned in a previous communication fully deployed. On Sunday, April 5, 2020, between 7:00am and 9:00am, the Enterprise Directory (LDAP) server’s intermediate USERTrust certificate will be upgraded. For reference, DNS names that resolve to the current test environment load balancer are as follows: • test.directory.cornell.edu • testmaster.directory.cornell.edu • testha.directory.cornell.edu • testquery.directory.cornell.edu Cert Changes The cert chain has changed. Instead of a list of four certs, the chain will include three, with USERTrust RSA being root. If you have a client that relies on the current cert chain or if you use the root cert from a local copy, please test your test configuration against the load balancer after the implementation date. This is not Cornell's Active Directory These changes do not involve Cornell's Active Directory. Active directory LDAP servers reside within the *.ad.cornell.edu domain. E.g. query.ad.cornell.edu, testquery.ad.cornell.edu, lds.ad.cornell.edu, etc. Please provide feedback for any concerns to idmgmt@cornell.edu. 2020-03-28 13:46:18