It appears the procedure used to install a self-signed certificate from our AD domain controller 1 year ago may not have been correct, as the certificate expired yesterday... :-(
In re-reading various posts, it seems the Enterprise root CA cert was supposed to be imported using java keytool, not just the domain controller cert.
I believe I have now corrected this situation and imported a valid root certificate, but using the "test" button in the admin gui authentication setup shows the old expired cert is still cached.
Is there a way to re-load the cert without restarting zimbra? Some java keystore cache flush perhaps? This is a production server, so I would like to avoid a mailboxd restart if I can. Most of our users authentication via a custom webportal, and for those who must use the ZCS login page, I've disabled LDAPS for now.
This is ZCS 6.05NE on Ubuntu 8.04-64