A running Policy Server cannot connect over SSL to the LDAP User Directory and reports the following error:
[79525/139743374337792][Sun Apr 19 2020 10:10:48][SmDsLdapConnMgr.cpp:917][ERROR][sm-Ldap-01370] SmDsLdapConnMgr Bind. Server ldap.example.com : 636. Error 81-Can't contact LDAP server
SiteMinder release: 12.8x
Component: Policy Server
OS: ALL
The LDAP User Store certificate is flagged as a CA certificate (root), because its trust attributes are C rather than P:
# certutil -L -d /{home_policy_server}/siteminder/certs
Certificate Nickname                Trust Attributes
                                    SSL,S/MIME,JAR/XPI

myldapserver                        C,C,C
RootCA                              P,,
Per the documentation (1), the certificate should be set to P, not C.
Set myldapserver to P,, instead of C,C,C. Starting from the following listing, delete the certificate and re-add it with the new trust attributes:
Certificate Nickname                Trust Attributes
                                    SSL,S/MIME,JAR/XPI

myldapserver                        C,C,C
RootCA                              P,,
# certutil -D -n myldapserver -d /{home_policy_server}/certs
# certutil -A -n myldapserver -t P,, -i myldapserver.crt -d /{home_policy_server}/certs
# certutil -L -d /{home_policy_server}/certs
The listing should then show something like:
Certificate Nickname                Trust Attributes
                                    SSL,S/MIME,JAR/XPI

myldapserver                        P,,
Also set RootCA to C,, instead of P,,.
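
One way to verify the trust flags after the change, as an added example that is not part of the original article or the product: the helper names ssl_trust and check_trust are hypothetical, and the two listings are constructed to mirror the states shown above. Against a live database, pipe the output of certutil -L -d <certificate database> into check_trust instead.

```shell
#!/bin/sh
# Added example: check SSL trust flags in `certutil -L` output.
# ssl_trust and check_trust are hypothetical helper names.

# Constructed listings mirroring the states shown in the article.
BEFORE='Certificate Nickname                Trust Attributes
                                    SSL,S/MIME,JAR/XPI

myldapserver                        C,C,C
RootCA                              P,,'
AFTER='Certificate Nickname                Trust Attributes
                                    SSL,S/MIME,JAR/XPI

myldapserver                        P,,
RootCA                              C,,'

# ssl_trust NICKNAME: read a listing on stdin, print the SSL trust field
# (first of the three comma-separated fields); exit 1 if NICKNAME is absent.
ssl_trust() {
    awk -v nick="$1" '
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)  # drop the trust column
            sub(/^[ \t]+/, "", name)               # nicknames may contain spaces
            if (name == nick) { split($NF, f, ","); print f[1]; found = 1; exit }
        }
        END { if (!found) exit 1 }'
}

# check_trust NICKNAME WANT: return 0 if the SSL field equals WANT,
# 1 on a mismatch, 2 if the nickname is not in the listing.
check_trust() {
    got=$(ssl_trust "$1") || { echo "MISSING  $1"; return 2; }
    if [ "$got" = "$2" ]; then
        echo "OK       $1 ssl=$got"
    else
        echo "MISMATCH $1 ssl=$got want=$2"
        return 1
    fi
}

# Expected flags follow the article: P for the LDAP server, C for the root CA.
for state in BEFORE AFTER; do
    eval "listing=\$$state"
    echo "== $state"
    printf '%s\n' "$listing" | check_trust myldapserver P || true
    printf '%s\n' "$listing" | check_trust RootCA C || true
done
```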