LDAPs connection error: “unable to get issuer certificate”

LDAPs authentication can sometimes fail or stop working due to certificate validation issues after updates or configuration changes.

LAST TESTED ON CHECKMK 2.4.0P1

Problem

In some cases, LDAPs authentication may stop working or fail certificate verification after an update or configuration change. The most common error message is:

Can't contact LDAP server. tls_process_server_certificate:certificate verify failed (unable to get issuer certificate)

Solution

  1. Go to Setup → General → Global Settings → Site Management → Trusted certificate authorities for SSL

  2. Review the list of stored certificates and chains.

  3. Delete all certificates and chains that are stored here.

    Screenshot of edit global settings. Trusted certificate authorities for SSL. Current setting for Checkmk specific has an X highlighted.

  4. Re-add them:

    1. Use the full certificate chain if required by your LDAP environment.

    2. Ensure that the intermediate and root CA certificates are included.

  5. Save the changes and re-run the LDAP connection test.
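
A pre-check for step 4, added here as an example and not part of the Checkmk documentation: OpenSSL reports "unable to get issuer certificate" when a certificate was found but its own issuer could not be, so the script below lists every issuer in a PEM bundle that has no matching subject in the same bundle. The function names, the script name and the throwaway demo CA are assumptions made for the illustration; matching is by distinguished name only, so it does not replace the LDAP connection test.

```shell
#!/bin/sh
# Added example: report issuers in a PEM bundle that have no matching subject
# in the same bundle. Matching is by distinguished name only (no signature check).

# missing_issuers BUNDLE: prints each unmatched issuer DN; returns 1 if any exist.
missing_issuers() {
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
    : > "$tmp/subjects"
    : > "$tmp/issuers"
    for c in "$tmp"/cert*.pem; do
        [ -f "$c" ] || continue
        openssl x509 -in "$c" -noout -subject -nameopt RFC2253 |
            sed 's/^subject= *//' >> "$tmp/subjects"
        openssl x509 -in "$c" -noout -issuer -nameopt RFC2253 |
            sed 's/^issuer= *//' >> "$tmp/issuers"
    done
    # A self-signed root lists itself as issuer, so it is always matched.
    gaps=$(sort -u "$tmp/issuers" | grep -vxF -f "$tmp/subjects" || true)
    rm -rf "$tmp"
    if [ -n "$gaps" ]; then
        printf '%s\n' "$gaps"
        return 1
    fi
    return 0
}

# make_demo_chain DIR: constructed throwaway PKI (root -> intermediate) for testing.
make_demo_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
        -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null
    openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
        -CAcreateserial -days 1 -out "$1/int.pem" 2>/dev/null
}

# Usage: sh check_chain.sh bundle.pem   (bundle.pem = what you plan to re-add)
if [ $# -gt 0 ]; then
    missing_issuers "$1" || echo "chain incomplete: add the CAs listed above" >&2
fi
```

An empty result means every certificate in the bundle chains to a self-signed root that is also in the bundle; any DN printed is a CA certificate still to be added.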
