Retire the previous certificate by removing it from the topology registry after it expires. Remove the previous certificate from the topology registry, as shown in the following example. $ dsconfig -n set-server-instance-listener-prop \ --instance-name <instance-name> \ --listener-name ldap-listener-mirrored-config \ --set "listener-certificate<new-server-cert.crt"
Remove the previous certificate from the topology registry, as shown in the following example. $ dsconfig -n set-server-instance-listener-prop \ --instance-name <instance-name> \ --listener-name ldap-listener-mirrored-config \ --set "listener-certificate<new-server-cert.crt"