Scheduled Service Change: Upgrade Enterprise Directory (LDAP) Production Intermediate Certificate
Event:
2020-04-26 11:00:00
Expected Duration:
2020-04-26 13:00:00
Status:
Closed
Brief Description:
On Sunday, April 26, 2020, between 7am and 9am, the Cornell Enterprise Directory (LDAP) servers' intermediate USERTrust Certificate will be upgraded.
User Impact:
This change should affect only a small number of users. If users have a client that relies on the current certificate chain, or if they use the root certificate from a local copy, they should check that their configuration still functions against the current production load balancer (e.g., directory.cornell.edu) after the implementation date.
Services Affected:
Identity and Access Management Data Services
Full Description:
Dear Enterprise Directory (LDAP) Users,
The Cornell Enterprise Directory (LDAP) servers' intermediate USERTrust Certificate is expiring and needs to be upgraded. These are the current (old), soon to be decommissioned servers. The certificate will expire before Identity Management has the new directory servers (mentioned in a previous communication) fully deployed.
The new intermediate USERTrust Certificate will be implemented on Sunday, April 26, 2020.
For reference, these are the DNS names that resolve to the current production environment load balancer.
• directory.cornell.edu
• master.directory.cornell.edu
• prodha.directory.cornell.edu
• query.directory.cornell.edu
Certificate Changes
The certificate chain has changed. Instead of a list of four certificates, the chain will include three, with USERTrust RSA being root. If you have a client that relies on the current certificate chain, or if you use the root certificate from a local copy, please check that your production configuration still functions properly against the load balancer after the implementation date.
This Is Not Cornell’s Active Directory
These changes do not involve Cornell’s Active Directory. Active Directory LDAP servers reside within the *.ad.cornell.edu domain (e.g., query.ad.cornell.edu, testquery.ad.cornell.edu, lds.ad.cornell.edu).
Please provide feedback or any concerns to idmgmt@cornell.edu.
Thank you for your assistance,
Identity Management
Cornell Information Technologies
The Cornell Enterprise Directory (LDAP) servers' intermediate USERTrust Certificate is expiring and needs to be upgraded. These are the current (old), soon to be decommissioned servers. The certificate will expire before Identity Management has the new directory servers (mentioned in a previous communication) fully deployed.
The new intermediate USERTrust Certificate will be implemented on Sunday, April 26, 2020.
For reference, these are the DNS names that resolve to the current production environment load balancer.
• directory.cornell.edu
• master.directory.cornell.edu
• prodha.directory.cornell.edu
• query.directory.cornell.edu
Certificate Changes
The certificate chain has changed. Instead of a list of four certificates, the chain will include three, with USERTrust RSA being root. If you have a client that relies on the current certificate chain, or if you use the root certificate from a local copy, please check that your production configuration still functions properly against the load balancer after the implementation date.
This Is Not Cornell’s Active Directory
These changes do not involve Cornell’s Active Directory. Active Directory LDAP servers reside within the *.ad.cornell.edu domain (e.g., query.ad.cornell.edu, testquery.ad.cornell.edu, lds.ad.cornell.edu).
Please provide feedback or any concerns to idmgmt@cornell.edu.
Thank you for your assistance,
Identity Management
Cornell Information Technologies
CIT TDX ID:
CRQ000001037914
Timeline of Changes
| Description | Current Status | Date | Time |
|---|---|---|---|
| Dear Enterprise Directory (LDAP) Users, The Cornell Enterprise Directory (LDAP) servers' intermediate USERTrust Certificate is expiring and needs to be upgraded. These are the current (old), soon to be decommissioned servers. The certificate will expire before Identity Management has the new directory servers (mentioned in a previous communication) fully deployed. The new intermediate USERTrust Certificate will be implemented on Sunday, April 26, 2020. For reference, these are the DNS names that resolve to the current production environment load balancer. • directory.cornell.edu • master.directory.cornell.edu • prodha.directory.cornell.edu • query.directory.cornell.edu Certificate Changes The certificate chain has changed. Instead of a list of four certificates, the chain will include three, with USERTrust RSA being root. If you have a client that relies on the current certificate chain, or if you use the root certificate from a local copy, please check that your production configuration still functions properly against the load balancer after the implementation date. This Is Not Cornell’s Active Directory These changes do not involve Cornell’s Active Directory. Active Directory LDAP servers reside within the *.ad.cornell.edu domain (e.g., query.ad.cornell.edu, testquery.ad.cornell.edu, lds.ad.cornell.edu). Please provide feedback or any concerns to idmgmt@cornell.edu. Thank you for your assistance, Identity Management Cornell Information Technologies | 2020-04-23 | 18:04:14 |