Hi everyone,
Recently, we had to renew our internal root certificate and, in the course of that, issue a new certificate for the LDAP server. Since then, Icinga Web can’t connect to said backend anymore:
**Validation Log**

```
Connect using LDAPS
NOTE: There might be an issue with the chosen encryption. Ensure that the LDAP-Server supports LDAPS and that the LDAP-Client is configured to accept its certificate.
LDAP bind (cn=admin,dc=yworks,dc=home / ***) to ldaps://nas-01.yworks.home:636 failed: Can't contact LDAP server
```
Icinga is running on a CentOS system, and I have imported the new root certificate into the system truststore. Running an ldapsearch from the command line works fine:
```
ldapsearch -H ldap://nas-01.yworks.home:636 -b "ou=People,dc=yyy,dc=zzz" -x -D "cn=xxx,dc=yyy,dc=zzz" -W
```
and openssl can also verify the certificate:
```
openssl s_client -connect nas-01.yworks.home:636
=> Verify return code: 0 (ok)
```
Restarting Icinga hasn’t helped - is there some other place where I need to change something?
Icinga version: 2.14.0-1
Icinga Web: 2.12.0
PHP: 7.3.33
Thanks for any pointer!