Hi,
We are facing an issue with an LDAP cert update. OwnCloud fails to use the updated LDAP certs and still alerts that the certs are expired.
What we already did:
- Put certs into /etc/pki/ca-trust/source/anchors/ and /etc/openldap/certs
- Ran update-ca-trust extract
- Restarted the Apache server
- ldap.conf looks like:
TLS_CACERTDIR /etc/openldap/certs
TLS_CACERT /etc/openldap/certs/ldapscert.pem
SASL_NOCANON on
The certs are fine; on other services LDAPS works as expected and the openssl check returns OK:
# openssl verify -verbose /etc/openldap/certs/full_cert.pem
/etc/openldap/certs/full_cert.pem: OK
# openssl x509 -enddate -noout -in full_cert.pem
notAfter=Aug 22 12:00:00 2019 GMT
But the connection to the LDAP server fails as:
# openssl s_client -connect ldap.service:636
CONNECTED(00000003)
depth=2 C = BM, O = nnn, CN = Trust Anchor Root CA G2
verify return:1
depth=1 C = xx, O = yy, CN = Devices Sub CA V5 G2
verify return:1
depth=0 C = xx, O = yy, CN = ldap.service
verify error:num=10:certificate has expired
notAfter=Sep 6 12:06:00 2018 GMT
verify return:1
depth=0 C = xx, O = yy, CN = ldap.service
notAfter=Sep 6 12:06:00 2018 GMT
verify return:1
Is there a way to force OwnCloud to use the updated certs?
Thank you in advance.
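
Added example, not part of the original post: a small shell helper that turns the `openssl s_client` verification lines quoted above into one row per chain position, so it is clear which certificate failed and with which `notAfter`. The function names are hypothetical, and the sample input is the output quoted in the post.

```shell
# Summarise the verify lines printed by `openssl s_client`, one row per chain
# position: depth|role|status|notAfter|subject. depth=0 is the server's own cert.
summarize_verify() {
  awk '
    /^depth=[0-9]+ / {
      d = $1; sub(/^depth=/, "", d); d += 0        # numeric chain depth
      subj = $0; sub(/^depth=[0-9]+ /, "", subj); subject[d] = subj
      if (!(d in status)) status[d] = "ok"
      if (d > max) max = d
      seen = 1; next
    }
    seen && /^verify error:num=[0-9]+:/ {          # error belongs to last depth
      e = $0; sub(/^verify error:num=/, "", e); status[d] = "ERROR " e; next
    }
    seen && /^notAfter=/ { na = $0; sub(/^notAfter=/, "", na); notafter[d] = na }
    END {
      for (i = 0; i <= max; i++) if (i in subject) {
        role = (i == 0) ? "leaf (sent by server)" : "CA"
        na = (i in notafter) ? notafter[i] : "-"
        printf "%d|%s|%s|%s|%s\n", i, role, status[i], na, subject[i]
      }
    }'
}

# Print only the depths that failed verification.
failing_depths() { summarize_verify | awk -F'|' '$3 != "ok" { print $1 }'; }

# Sample input: the s_client lines quoted in the post above.
sample_output() {
  cat <<'EOF'
CONNECTED(00000003)
depth=2 C = BM, O = nnn, CN = Trust Anchor Root CA G2
verify return:1
depth=1 C = xx, O = yy, CN = Devices Sub CA V5 G2
verify return:1
depth=0 C = xx, O = yy, CN = ldap.service
verify error:num=10:certificate has expired
notAfter=Sep 6 12:06:00 2018 GMT
verify return:1
depth=0 C = xx, O = yy, CN = ldap.service
notAfter=Sep 6 12:06:00 2018 GMT
verify return:1
EOF
}

sample_output | summarize_verify
```

Against a live server the same summary comes from piping `openssl s_client -connect ldap.service:636 </dev/null 2>&1` into `summarize_verify`.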