An issue that has become somewhat common in Oracle Traffic Director (OTD) is an SSL certificate warning similar to the one below:
SSL server certificate Admin-Server-Cert is expired.
This typically happens if the Admin SSL CA Cert has expired. To prevent this, the CA/SSL certificates should be renewed before their expiry dates by extending their validity, which could be from 1 to 10 years. There are 2 approaches:
1. To artificially set the Admin-Server host clock
2. To create a new Admin server to replace the old one (but may lose old configured SSL keys)
However, at that point it may also happen that you get a certificate for one year when you would like it for ten years. And even when the command below runs successfully, the expiry dates are not changed:
./bin/tadm renew-admin-certs --user= --port= --validity=120
The problem is that, without the latest patch applied, the Admin Node(s) certificate is valid for only 1 year and has to be renewed each year. To avoid renewing the Admin Node(s) certificate every year, you need to apply the patch 184.108.40.206.2 MLR#2 (Apr 2014) for OTD version 220.127.116.11 or later. After the patch, the startup banner will have a proper new date, and renewing the Admin Server certificates will also renew the Admin Node(s) certificates for the same number of years.
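Because the renew command can succeed without moving the expiry date, it helps to read the date off the listener before and after the renewal. The script below is an added example, not part of the original post or of OTD. It assumes `openssl` and GNU `date` are available and that the admin server (or node) presents the certificate in question on the SSL port you give it; the host, port and 60-day threshold are placeholders.

```shell
#!/bin/sh
# Added example: check a certificate's expiry and confirm a renewal moved it.

# Epoch seconds for an `openssl x509 -noout -enddate` line,
# e.g. "notAfter=Apr 10 12:00:00 2025 GMT" (constructed sample).
enddate_epoch() {
  date -u -d "${1#notAfter=}" +%s
}

# Whole days from a reference time (epoch seconds, default: now) to expiry.
# Zero or negative once the certificate has expired.
days_left() {
  exp=$(enddate_epoch "$1") || return 2
  now=${2:-$(date +%s)}
  echo $(( (exp - now) / 86400 ))
}

# Succeeds only if the expiry read after the renewal is later than the
# one read before it, i.e. the renewal really changed the certificate.
renewal_took_effect() {
  before=$(enddate_epoch "$1") || return 2
  after=$(enddate_epoch "$2") || return 2
  [ "$after" -gt "$before" ]
}

# Read the expiry line of the certificate served on HOST:PORT.
fetch_enddate() {
  openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
    openssl x509 -noout -enddate
}

# Usage: check_cert.sh HOST PORT [WARN_DAYS]   (script name is hypothetical)
if [ "$#" -ge 2 ]; then
  line=$(fetch_enddate "$1" "$2") || { echo "cannot read certificate" >&2; exit 2; }
  left=$(days_left "$line")
  echo "$1:$2 $line ($left days left)"
  [ "$left" -gt "${3:-60}" ] || { echo "renew now" >&2; exit 1; }
fi
```

Save the `notAfter=` line before running the renewal, run the script again afterwards, and pass both lines to `renewal_took_effect` to confirm the date actually moved.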
For further information, please take a look at the following MOS notes:
- Oracle Traffic Director OTD Cannot Communicate Between Admin Server & Administration Node (Doc ID 1561339.1)
- Oracle Traffic Director Admin Server and Admin Node Certificate Validity (Doc ID 1603520.1)
- How to Renew Admin Server SSL Certificate for Oracle Traffic Director? (Doc ID 1549253.1)
- Available Versions, Patches, and Updates for Download for Oracle Traffic Director (OTD) (Doc ID 1676256.1)