My UCS server (4.2-2) is a virtual guest and runs as a AD-DC. There is also another slave UCS AD-DC on the same host. The host runs Proxmox.
On running “diagnostics” within UMC I get the following error. Please help with solving the issue.
Check validity of SSL certificates
Found invalid certificate '/etc/simplesamlphp/ucs-sso...-idp-certificate.crt’:
/etc/simplesamlphp/ucs-sso...-idp-certificate.crt: C = IN, ST = IN, L = IN, O = , OU = Univention Corporate Server, CN = ucs-sso..., emailAddress = ssl@..*
error 20 at 0 depth lookup:unable to get local issuer certificate
I did the following checks:
I used the openssl “verify” and checked it against the CAcert on the DC (which happens to be the same machine). This produced the same error as above.
I copied the ucs-sso-<>.crt to a windows machine and checked the rootCA name. The names were different. That is: The rootCA name shown in the CAcert file is different from the rootCA name displayed in the ucs-sso*.crt.
Should I re-generate the file? Also:
How to do that?
After above, how to ensure they are copied to all relevant locations?