EDR: LDAPS Login Fails With "Unable to Get Local Issuer Certificate"
search cancel

EDR: LDAPS Login Fails With "Unable to Get Local Issuer Certificate"

book

Article ID: 289278

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

When configuring LDAPS and trying to login when restarting the services the login fails
/var/log/cb/coreservices/debug.log shows the error 
"error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate)"

Environment

  • EDR Server: 7.7.x and Higher
  • LDAPS

Cause

This can happen if the Root Certificate and the Intermediate Certificate are not present on the root store of the EDR server

Resolution

Move the root and intermediate certificate files being used to the certificate store of the EDR server

Additional Information

openssl -s_client may also be used to reproduce the error