Q&A: My Office 365 certificate has expired. What can I do now?

Note: work in progress

Question:

My Office 365 certificate has expired. What can I do now?

Answer:

The connector normally uses the certificate of the computer on which it was installed, i.e. the certificate under /etc/univention/ssl/$hostname.$domainname/.
However, the certificate files are copied to another location, and that copy is not renewed automatically.

There are two possible ways to proceed:

  1. If you have renewed an existing certificate, set the UCR variable
    ucr set FORCE_NEW_CERT=yes
    rerun the office365 join script
    univention-run-join-script --force --run-scripts 40univention-office365.inst
    and unset the UCR variable again
    ucr unset FORCE_NEW_CERT
  2. If you have created “any” certificate, then you must/can manually store it in /etc/univention-office365 as ‘cert.pem’ and ‘cert.key’, and put the extracted fingerprint next to it:
    openssl x509 -in cert.pem -fingerprint -noout | sed 's/SHA1 Fingerprint=//g' | sed 's/://g' | xxd -r -ps | base64 > cert.fp
    Restart the univention-directory-listener.
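
What the pipeline in option 2 writes to cert.fp is the base64 encoding of the raw SHA-1 digest of the DER-encoded certificate. The following added Python example (not part of the original answer or of Univention's code) computes that value directly, so a stored cert.fp can be compared with cert.pem before the listener is restarted. The function names are hypothetical, and the sample data is constructed placeholder bytes rather than a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """DER bytes of the first CERTIFICATE block; any text dump before it is ignored."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def cert_fp(pem_text):
    """base64(SHA-1(DER)), the value the openssl | sed | xxd | base64 pipeline stores."""
    digest = hashlib.sha1(pem_to_der(pem_text)).digest()
    return base64.b64encode(digest).decode("ascii")

def fp_from_openssl_line(line):
    """Convert an 'openssl x509 -fingerprint' line ('<label>=AA:BB:...') to cert.fp form."""
    hex_part = line.strip().split("=", 1)[1].replace(":", "")
    raw = binascii.unhexlify(hex_part)
    if len(raw) != 20:
        raise ValueError("not a SHA-1 fingerprint (expected 20 bytes)")
    return base64.b64encode(raw).decode("ascii")

def fp_matches(pem_text, fp_file_text):
    """True if the content of cert.fp belongs to the certificate in cert.pem."""
    return cert_fp(pem_text) == fp_file_text.strip()

# Constructed sample: the PEM body is the three bytes b"abc", not a real certificate.
SAMPLE_PEM = (
    "Certificate:\n    Data: (human-readable dump)\n"
    "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
)
# Constructed fingerprint line for the same three bytes.
SAMPLE_OPENSSL_LINE = (
    "SHA1 Fingerprint=A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D"
)

if __name__ == "__main__":
    fp = cert_fp(SAMPLE_PEM)
    print("cert.fp value:", fp)
    print("same as openssl pipeline:", fp == fp_from_openssl_line(SAMPLE_OPENSSL_LINE))
    print("stale cert.fp detected:", not fp_matches(SAMPLE_PEM, "old-value\n"))
```

A cert.fp left over from the expired certificate fails the `fp_matches` comparison against the new cert.pem.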