EDR: LDAPS Login Fails With "Unable to Get Local Issuer Certificate"
book
Article ID: 289278
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
When configuring LDAPS and trying to login when restarting the services the login fails
/var/log/cb/coreservices/debug.log shows the errorÂ
"error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get local issuer certificate)"
Environment
- EDR Server: 7.7.x and Higher
- LDAPS
Cause
This can happen if the Root Certificate and the Intermediate Certificate are not present on the root store of the EDR server
Resolution
Move the root and intermediate certificate files being used to the certificate store of the EDR server
Additional Information
openssl -s_client may also be used to reproduce the error
Feedback
thumb_up
Yes
thumb_down
No