[Fedora-directory-users] Back in SSL hell again!

[Glenn]

So I'm just about to finish getting Windows Sync working between RH Directory 
Server 7.1SP3 and Active Directory.  The latest error message in the passsync 
log says "insufficient access", so I create an ACI that gives the replication 
manager access to everything, just to see if it will work.  Nope.  So I 
think, maybe I have to restart the Directory Server.  And then it fails to 
restart, logging the error message:

SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert 
server-cert of family cn=RSA,cn=encryption,cn=cconfig (Netscape Portable 
Runtime error -8181 - Peer's Certificate has expired.)

Yeah, right.  Here's a copy of the certificate:

[root at ourserver alias]# ./certutil -L -d ./ -n server-cert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:43:78:57:00:00:00:00:00:0e
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer:
            "CN=OURCA,DC=ad,DC=ourshop,DC=edu"
        Validity:
            Not Before: Tue Nov 14 22:50:17 2006
            Not After : Thu Nov 13 22:50:17 2008
...
 
Now, I'll grant you that this little synchronization exercise FEELS like it 
has gone on for more than two years, but according to the certificate, it has 
taken barely two months so far, leaving the certificate good for another 22 
months.  Once again, the SSL error message seems to have little to do with 
reality.

I just restarted the server three hours earlier, and it worked fine then.  
Can anyone suggest what I might try now?  Thanks.   -Glenn.