Technically this is not 100% an IDM issue, but IDM users will see it!

I have been at a number of places now where DirXML or IDM were
installed, worked fine, no one touched them, then they suddenly fail.

If it is oddly 2 years after the initial install, it is a dead giveaway
a Cert expired.

On Netware, 5 minutes, PKIDIAG, restart the driver, and all is well.

Now, PKIDIAG is deprectaed and you are supposed to use iManager, with
the new PKI plugin.

I and several others who have discussed this feel very strongly, that
this is potentially one of the worst iManager snapins ever from a user
experience!!

So, imagine you have my scenario... Is there an option to Rekey certs?
Check Certificate Health? Fix Certificates?

No, it is labelled, Create Default Certificates. I consider this very
NON intuitive, and in fact even after reading the TID that tells how to
do this, hesitant, since the name is so wrong! I did not want to create
new ones... I wanted to fix broken ones...

I wonder if any of the Novell folks can pass this back to whoever wrote
this NPM to make it a better user experience!!

Also, I believe this to be true, that the latest PKIDIAG.NLM's were
checking and Re-keying all Certs attached to the server, when you ran
it. This I consider a good thing. (I.e. It only rekeyed those that
needed it, but it DID fix custom certs, if they were expired! Which is
great!). It appears that the iManager PKI.NPM only recreates the
Default certs...

The functionality to get all the certs on teh server fixed would be
wonderful to have back...