If You Use LDAP with TLS (LDAPS)
Note
When you upgrade Management and Security Server, you must re-establish trust of your LDAP server when using TLS (LDAPS).
Background
When LDAP authentication or authorization is configured to use LDAPS, the LDAP server is secured with a certificate. When Management and Security Server is upgraded, the cacerts file containing the trusted CA certificate is overwritten, so LDAPS connections fail until trust is re-established.
Workaround
To re-establish trust of the LDAP server, use the IMPORT CERTIFICATE function.
- In the MSS Administrative Console, open Configure Settings – Authentication & Authorization.
- Scroll to and check the affected LDAP server. Click EDIT.
- Scroll to and click the IMPORT CERTIFICATE button. A dialog presents the certificate for this server.
  If this button is not present, then TLS is not used for authentication of the LDAP server, and the issue documented here does not apply.
- Click IMPORT. A message confirms “The server is trusted.”
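The import dialog presents whatever certificate the LDAP server sends at that moment, so a useful check before clicking IMPORT is to confirm that the server is presenting the certificate you expect. The script below is an added example, not part of this documentation or of Management and Security Server; its file name, function names and sample bytes are hypothetical, and it assumes you have a known-good SHA-256 fingerprint from the LDAP server's administrator and that the server listens for LDAPS on port 636.

```python
"""Compare an LDAPS server's certificate with a pinned SHA-256 fingerprint."""
import hashlib
import re
import ssl
import sys

# Constructed sample bytes (not a real certificate) so the checks run offline.
SAMPLE_DER = b"constructed sample, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated, uppercase SHA-256 over the DER encoding."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or bare hex; reject anything not SHA-256."""
    bare = re.sub(r"[:\s-]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", bare):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return bare


def pem_matches(pem: str, expected: str) -> bool:
    """True only if the PEM certificate hashes to the expected fingerprint."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return normalize(sha256_fingerprint(der)) == normalize(expected)


def fetch_pem(host: str, port: int = 636) -> str:
    """Fetch the certificate the server presents, without validating it."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_ldaps_cert.py HOST EXPECTED_SHA256_FINGERPRINT")
    pem = fetch_pem(sys.argv[1])
    seen = sha256_fingerprint(ssl.PEM_cert_to_DER_cert(pem))
    if pem_matches(pem, sys.argv[2]):
        print(f"match: {seen}")
    else:
        sys.exit(f"MISMATCH: server presents {seen}; do not import")
```

A fingerprint of any other length (for example a SHA-1 value) is rejected with an error rather than silently treated as a mismatch.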