Skip to Content [alt-c]
In reply to Fixing the Breakage from the AddTrust External CA Root Expiration
Hello!
We're running into an issue on our RHEL systems relating to LDAPS. Our AD admin swears he removed the cert but I think it may still be lingering somewhere. After implementing the suggested workaround then running openssl s_client -showcerts -CApath /etc/ssl/certs -verify 10 -connect <ad.server.com> it appears to throw the error "error:num=2 unable to get issuer certificate". We've blocked USERtrust and addtrust external. Each trust we block, the error seems to move to the next cert in the chain.
Are there any suggestions for how to work around this issue?
Thank you!
Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
>
monospaced
Post a Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.