Symantec IGA

  • 1.  IDM Provisioning directory certificate expired?

    Posted Oct 23, 2017 10:43 AM

    Hi all.

     

    I have an IdM install, version 12.6.7. I realized about 2 weeks ago that my provisioning server was down, and when trying to start it, a message appeared in the etatrans log with this:

    Required directory DSA impd-main is not available.

     

    This was on the QA environment. I then realized that it happened not only in this environment, but also in Production and in a personal environment I have on my laptop.

     

    On my environment, I tried to install everything again to figure out what was going on, and I saw that Provisioning Directory installed OK, but then when trying to install Provisioning Server, it failed and shut down the installer. When I reviewed the install logs, they said that the provisioning server certificate was invalid.

     

    With this in mind, I configured the dates on all servers of my laptop environment as if they were 3 months ago (I remembered that on that date, the environments were working), and Provisioning Server installed OK.

     

    Of course I cannot alter my production servers' date, so how can I fix this issue? I installed everything in the OOTB way.



  • 2.  Re: IDM Provisioning directory certificate expired?

    Posted Oct 23, 2017 11:24 AM

    Looking for expired certificates, I found an expired one at c:\program files\ca\directory\dxserver\config\ssld, named impd_trusted.pem. Also, I saw that inside the personalities directory, under the same path, several certificates are going to expire next month (these are named like hostname-impd-##.pem, where ## is router, co, inc, main, notify).



  • 3.  Re: IDM Provisioning directory certificate expired?
    Best Answer

    Posted Oct 23, 2017 11:43 AM

    Hello Julian,

     

    There was recently an issue with our OOTB certificates where the ones shipped are expired. Please follow this community post to update your certificates in their relevant location:

     

    Resolution Steps for: Provisioning Certificates that expired on 6th Oct, 2017 & Directory DSA certificates that expired on 25th Nov, 2017

     

    This post will help you resolve your issue. Be sure to apply these steps in all of your environments. This issue has been fixed in Identity Manager version 14.0 and onward. Only IDM 12.6.x and lower are affected.

     

    Regards,

    Andrew Nguyen
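
One way to check each environment for the expired and soon-to-expire PEM certificates described in posts 2 and 3, as an added example that is not from the thread or from the vendor's resolution steps. The default path is the one quoted in post 2; the parameter names and the 60-day warning window are assumptions. A PEM file can hold several certificate blocks, or a private key alongside the certificate, so the script extracts and parses each certificate block separately.

```powershell
# Added example: list every certificate found in *.pem files under a directory,
# with its expiry date and a status flag. Not part of the original thread.
param(
    # Default is the DXserver SSL directory quoted in post 2; adjust per host.
    [string]$Path = 'C:\Program Files\CA\Directory\dxserver\config\ssld',
    # Assumed warning window in days (not a value from the thread).
    [int]$WarnDays = 60
)

$pattern = '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
$now = Get-Date

Get-ChildItem -Path $Path -Filter *.pem -Recurse -File | ForEach-Object {
    $file = $_
    $text = [System.IO.File]::ReadAllText($file.FullName)
    $blocks = [regex]::Matches($text, $pattern, 'Singleline')
    if ($blocks.Count -eq 0) {
        Write-Warning "No certificate block found in $($file.FullName)"
    }
    foreach ($m in $blocks) {
        try {
            # Strip whitespace, decode the base64 body to DER, parse it.
            $der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$der)
        } catch {
            Write-Warning "Unparseable certificate in $($file.FullName): $($_.Exception.Message)"
            continue
        }
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
        $status = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $WarnDays) { 'EXPIRING' } else { 'OK' }
        [pscustomobject]@{
            File     = $file.FullName
            Subject  = $cert.Subject
            NotAfter = $cert.NotAfter
            DaysLeft = $daysLeft
            Status   = $status
        }
    }
} | Sort-Object NotAfter | Format-Table -AutoSize
```

Because `-Recurse` is used, the personalities subdirectory mentioned in post 2 is covered in the same run.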