LDAPs stops working after upgrade from 1.6 to 2.0: "unable to get issuer certificate"

Owned by Former user (Deleted)
Last updated: Nov 15, 2023 by Matthew Hierholzer
1 min read

Some users may receive "unable to get issuer certificate" errors after upgrading from version 1.6 to 2.0

LAST TESTED ON CHECKMK 2.0.0P1

Table of Contents

Problem

On rare occasions when upgrading from 1.6 to 2.0, LDAPs might stop working, and you might encounter this behavior in the connector tests:


Can't contact LDAP server. tls_process_server_certificate:certificate verify failed (unable to get issuer certificate)


Solution

  1. Go to Setup → General → Global Settings → Site Management → Trusted certificate authorities for SSL

  2. Delete all certificates and chains that are stored here.
    Screenshot of edit global settings. Trusted certificate authorities for SSL. Current setting for Checkmk specific has an X highlighted.

  3. Re-add them