Q&A: Office 365 certificate is expired, and what can I do now?

Note: work in progress


My office 365 (o365) certificate is expired, and what can I do now?


The connector normally uses the certificate from the computer on which it was installed, i.e. the certificate under /etc/univention/ssl/$hostname.$domainname/
But they will be copied again to another location and will not be renewed automatically.

There are two possible ways to proceed:

  1. If you have reniewed an existing certificate you have to set
    ucr set FORCE_NEW_CERT=yes
    rerun the office365 join-script
    univention-run-join-scripts --force --run-scripts 40univention-office365.inst
    and unset the ucrv again
    ucr unset FORCE_NEW_CERT
  2. If you have created “any” certificate, then you must/can manually store the certificate in /etc/univention-office365, quasi as ‘cert.pem’, ‘cert.key’ and put the fingerprint extracted next to it.
    openssl x509 -in cert.pem -fingerprint -noout | sed 's/SHA1 Fingerprint=//g' | sed 's/://g' | xxd -r -ps | base64 > cert.fp
    Restart the univention-directory-listener
    systemctl restart univention-directory-listener.service
1 Like