TDMC: Known Limitation with certificate configurations and rotations

Article ID: 415261

Products

VMware Tanzu Data Services

Issue/Introduction

When configuring federation to LDAP or Active Directory over SSL, you must specify ldaps in the URL and also configure the CA and certificates in the Infrastructure Configuration section of the UI. If an incorrect or partial certificate was entered during initial setup, the ldaps connection fails.

The current limitations on adding, deleting, or editing certificates are:

  • There is currently no way to edit or change the certificates in the UI, or via the API or CLI.
  • The UI does not let you delete a certificate that is in use by a data plane, which can be the case for some customers.
  • There is a limit of one certificate per provider. Attempting to add another returns this error: “Certificate already exists for the given provider and customer”.

Resolution

Currently, the only resolution is to completely re-install everything.

A request for enhancement to provide an alternative method for rotating or editing certificates has been made to the product team.
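Because a certificate cannot be edited after setup, it is worth checking the PEM text for completeness before entering it in the UI. The following is an added example, not VMware code or tooling: `check_pem`, `der_is_complete` and `SAMPLE_DER` are hypothetical names, and the sample is a constructed DER placeholder rather than a real certificate. It detects partial pastes only; it does not confirm that the certificate is the correct CA for your LDAP server.

```python
import base64
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"\s*(.*?)\s*" + re.escape(END), re.S)

def der_is_complete(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose declared length equals its size."""
    if len(der) < 2 or der[0] != 0x30:        # a certificate is a SEQUENCE
        return False
    first = der[1]
    if first < 0x80:                          # short-form length
        header, body = 2, first
    else:                                     # long form: next n bytes hold it
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + body

def check_pem(text: str) -> list[str]:
    """Return a list of problems; an empty list means structurally complete."""
    problems = []
    begins, ends = text.count(BEGIN), text.count(END)
    if begins == 0:
        problems.append("no BEGIN CERTIFICATE marker")
    if begins != ends:
        problems.append(f"{begins} BEGIN vs {ends} END markers")
    for i, match in enumerate(PEM_BLOCK.finditer(text), 1):
        try:
            der = base64.b64decode("".join(match.group(1).split()), validate=True)
        except ValueError:                    # binascii.Error is a ValueError
            problems.append(f"block {i}: invalid base64")
            continue
        if not der_is_complete(der):
            problems.append(f"block {i}: DER length mismatch (truncated?)")
    return problems

# Constructed placeholder: a SEQUENCE header declaring 256 bytes, then filler.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = f"{BEGIN}\n{base64.encodebytes(SAMPLE_DER).decode()}{END}\n"

if __name__ == "__main__":
    lines = SAMPLE_PEM.splitlines()
    del lines[2]                              # simulate a line lost while pasting
    print("complete:", check_pem(SAMPLE_PEM))
    print("partial :", check_pem("\n".join(lines)))
```

Run it against the exact text you intend to paste; any reported problem means the input should be fixed before it is saved.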