Hi All,
Running into a certificate error when trying configure LDAPS on SLE-15 and 1.6.0p9. I’ve installed the CA certificate for our Active Directory servers, as well as the server certificate, but testing the config is throwing “unable to get local issuer certificate”. While not detailed athttps://checkmk.com/cms_ldap.html, SLE-15 similar to Debian, copy the pem to /etc/pki/trust/anchors/ and run update-ca-certificates to update the system wide CA store. I’ve done this and restart apache, and the omd site, but it’s still throwing the error. I’m able to perform “ldapsearch -H ldaps://ad.server” from the command line successfully, so this is telling me it’s cmk specific.
I see there is a CA file at /omd/sites/mysite/var/ssl/ca-certificates.crt that has some 141 certificates entries. Does this file need to be updated to include the CA from our DC’s? If so, is there a way to update with omd/cmk or do I need to manually concatenate my CA to the end of the file?
Thanks!