Note: work in progress
Question:
My office 365 (o365) certificate is expired, and what can I do now?
Answer:
The connector normally uses the certificate from the computer on which it was installed, i.e. the certificate under /etc/univention/ssl/$hostname.$domainname/
But they will be copied again to another location and will not be renewed automatically.
There are two possible ways to proceed:
- If you have reniewed an existing certificate you have to set
ucr set FORCE_NEW_CERT=yes
rerun the office365 join-script
univention-run-join-scripts --force --run-scripts 40univention-office365.inst
and unset the ucrv again
ucr unset FORCE_NEW_CERT
- If you have created “any” certificate, then you must/can manually store the certificate in /etc/univention-office365, quasi as ‘cert.pem’, ‘cert.key’ and put the fingerprint extracted next to it.
openssl x509 -in cert.pem -fingerprint -noout | sed 's/SHA1 Fingerprint=//g' | sed 's/://g' | xxd -r -ps | base64 > cert.fp
Restart the univention-directory-listener
systemctl restart univention-directory-listener.service