Unable to login to update expired AD certificate

  • 7018517
  • 24-Jan-2017
  • 24-Jan-2017


Self Service Password Reset
SSPR 4.x
SSPR 4.0 appliance


Unable to login to update expired AD certificate
LDAP Certificate expired, can't login to ConfigEditor to change it
How to update cert without logging in to ConfigManager or ConfigEditor


Do the following:
1. Log in to the sspr admin console at  https://<dns-name>:9443  
2. Go to "Administrative Commands"
3. Select the option to “Unlock Configuration." This option allows the configuration to be edited without LDAP authentication.
4. Restart your browser
5. Go to https://<dns-name>/sspr.  
6. A prompt will apear saying that you are in configuration mode. Click OK.
7. You will be prompted to sign in. Instead of signing in, click the down arrow in the top right hand corner of the screen and select “Configuration Editor.”
8. Enter the configuration password when prompted.
9. In Configuration Editor go to “LDAP” and select the desired LDAP Directory profile. 
10. Under "LDAP Certificates" clear the LDAP certificate and import the new one.
11. Save the configuration.
12. Go back into the administrative commands in the admin console per steps 1 and 2, and lock the configuration.