LDAPS certificate issue on SLE-15

Hi All,

Running into a certificate error when trying to configure LDAPS on SLE-15 and 1.6.0p9. I’ve installed the CA certificate for our Active Directory servers, as well as the server certificate, but testing the config is throwing “unable to get local issuer certificate”. While not detailed at https://checkmk.com/cms_ldap.html, SLE-15 is similar to Debian: copy the PEM to /etc/pki/trust/anchors/ and run update-ca-certificates to update the system-wide CA store. I’ve done this and restarted Apache and the OMD site, but it’s still throwing the error. I’m able to perform “ldapsearch -H ldaps://ad.server” from the command line successfully, so this is telling me it’s cmk specific.

I see there is a CA file at /omd/sites/mysite/var/ssl/ca-certificates.crt that has some 141 certificate entries. Does this file need to be updated to include the CA from our DCs? If so, is there a way to update it with omd/cmk, or do I need to manually concatenate my CA to the end of the file?

Thanks!

This was being caused by the root CA not being included in the site’s ca-certificates.crt, and after adding it the SSL connection test completed successfully. I will submit a bug for this.
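
The fix described in the last post, as an added example that is not part of the original thread: a Python sketch that checks whether a CA is already in a PEM bundle such as the site's ca-certificates.crt and appends it only if it is missing. The function names are hypothetical, the sample PEM blocks are constructed placeholders rather than real certificates, and the check compares certificate bytes only; it does not validate a chain.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 of the decoded (DER) bytes of every certificate block in a bundle."""
    return [hashlib.sha256(base64.b64decode(body)).hexdigest()
            for body in PEM_RE.findall(pem_text)]

def ensure_ca_in_bundle(bundle_path, ca_pem):
    """Append ca_pem unless the same certificate is present. True if file changed."""
    ca_fps = fingerprints(ca_pem)
    if len(ca_fps) != 1:
        raise ValueError("ca_pem must contain exactly one certificate")
    bundle = Path(bundle_path)
    text = bundle.read_text()
    if ca_fps[0] in fingerprints(text):
        return False  # already trusted by this bundle, nothing to do
    # A bundle without a trailing newline would fuse END/BEGIN markers on a
    # plain concatenation and make the appended certificate unparseable.
    sep = "" if (not text or text.endswith("\n")) else "\n"
    bundle.write_text(text + sep + ca_pem.strip() + "\n")
    return True

def fake_pem(payload):
    """Constructed placeholder block: PEM framing around arbitrary bytes."""
    body = base64.encodebytes(payload).decode().strip()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"

def demo():
    existing = fake_pem(b"constructed public root")
    ad_root = fake_pem(b"constructed AD root CA")
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "ca-certificates.crt"
        bundle.write_text(existing)  # deliberately no trailing newline
        first = ensure_ca_in_bundle(bundle, ad_root)   # appended
        second = ensure_ca_in_bundle(bundle, ad_root)  # idempotent re-run
        return first, second, len(fingerprints(bundle.read_text()))

if __name__ == "__main__":
    print(demo())
```

Against a real site, pass /omd/sites/mysite/var/ssl/ca-certificates.crt as bundle_path and the contents of the AD root CA's PEM file as ca_pem, then re-run the LDAP connection test.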