Automatic certificate renewal for sldap connection

Idea ID 2799422

Microsoft automatically renews its AD server certificates using a certificate template.
By default, the certificates are automatically renewed 45 days before they expire.

If you have an sldap connection to an AD system, the ZCM system has no knowledge of this certificate renewal.

In this case the connection to the LDAP store is broken, and the effect is that users can't authenticate to the ZCM environment.

ZCM should be able to start a periodic check for the certificate renewal at the time ZCM expects a certificate expiration, for example when the popup warns that the certificate will expire in 60 days.

At this time ZCM should start a daily check of the certificate. When it is changed, for example 45 days before the actual expiration (by the default Microsoft certificate template), the certificate should be automatically renewed.

In that case we would prevent LDAP connections from being broken.
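A sketch of the check this idea asks for, written here as an added example (it is not ZCM code and not from Micro Focus): it fetches the certificate the DC currently presents on LDAPS, compares its SHA-256 fingerprint with the one ZCM stored when the admin trusted the certificate, switches to daily polling once the 60-day warning window is reached, and reports a rotation when the fingerprint changes. The weekly-then-daily schedule, the record format and the action names are assumptions; the DER walk reads only notAfter, and the sample certificate is a constructed stand-in, not a real AD certificate.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 60  # ZCM's existing "certificate expires in 60 days" warning, from the idea
def _tlv(buf, i):
    """Read one DER TLV at offset i -> (tag, value, offset just past it)."""
    tag, length, i = buf[i], buf[i + 1], i + 2
    if length & 0x80:  # long-form length: the next (length & 0x7F) bytes hold it
        n = length & 0x7F
        length, i = int.from_bytes(buf[i:i + n], "big"), i + n
    return tag, buf[i:i + length], i + length
def not_after(der):
    """Walk Certificate -> tbsCertificate -> validity and return notAfter as UTC."""
    _, tbs, _ = _tlv(_tlv(der, 0)[1], 0)
    tag, _, i = _tlv(tbs, 0)                  # [0] version if present, else serialNumber
    for _ in range(3 if tag == 0xA0 else 2):  # skip serial, signature alg, issuer
        _, _, i = _tlv(tbs, i)
    _, validity, _ = _tlv(tbs, i)
    tag, t, _ = _tlv(validity, _tlv(validity, 0)[2])  # notAfter follows notBefore
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime / GeneralizedTime
    return datetime.strptime(t.decode("ascii"), fmt).replace(tzinfo=timezone.utc)
def fingerprint(der): return hashlib.sha256(der).hexdigest()
def fetch_ldaps_cert(host, port=636, timeout=5.0):
    """DER cert the LDAPS endpoint presents now. Verification is off on purpose:
    the poll has to see a certificate that is not in ZCM's trust store yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)
def evaluate(trusted, observed_der, now):
    """Policy from the idea; trusted = {"fingerprint", "not_after"} stored when the admin trusted the cert."""
    observed = {"fingerprint": fingerprint(observed_der), "not_after": not_after(observed_der)}
    if observed["fingerprint"] != trusted["fingerprint"]:
        return "rotated", observed      # DC renewed: verify the chain to the AD CA, then import
    days_left = (trusted["not_after"] - now).days
    if days_left < 0:
        return "expired", trusted       # LDAPS is already broken: alert the super admins
    if days_left <= WARN_DAYS:
        return "check-daily", trusted   # warning window reached: poll daily instead of weekly
    return "ok", trusted
def der_tlv(tag, value): return bytes([tag, len(value)]) + value  # short-form length only
def sample_cert(not_after_utc):
    """Constructed stand-in, not a real AD certificate: only the tbsCertificate prefix
    (version, serial, empty sigalg/issuer, validity) that not_after() walks."""
    validity = der_tlv(0x30, der_tlv(0x17, b"240101000000Z") + der_tlv(0x17, not_after_utc))
    tbs = der_tlv(0xA0, der_tlv(0x02, b"\x02")) + der_tlv(0x02, b"\x01") + der_tlv(0x30, b"") * 2 + validity
    return der_tlv(0x30, der_tlv(0x30, tbs))
```

Because the poll disables verification, a certificate reported as "rotated" has to be validated against the AD CA chain (or approved by a super administrator) before it replaces the trusted record.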
6 Comments
Absent Member.
This sounds like a good idea. I would like the nag window to only be shown to super administrators because in our environment, 99% of the ZCM admins are not super admins and only manage devices, not the zone like us zone admins, who are super admins. We have recently gone through an expiring zone cert and that nag pop-up was confusing and unnecessary for most of the admins. Thanks!
Absent Member.
Sometimes we have the same problem with a broken connection to the LDAP.
Outstanding Contributor.
Annoying issue.
Absent Member.
Have a look at UTM software. UTM is a Linux-based OS. This software has this option. It is used for SSO there, but this option could also be used for certificate renewal. UTM has a "Join to AD" button. When the AD credentials are filled in and "Join to AD" is selected, a computer object with the name of the server is created in Active Directory. After that the computer is trusted by AD and it will also receive new certificates from the DC. So this could also be created in ZCM.
Absent Member.
It's a must; we have a lot of disconnection issues with certificate renewal.
Micro Focus Expert

Would be a wonderful addition, and I concur it is necessary.