I have one UCS master and two UCS backups in my setup. Since they have been running for almost 5 years, the time came to renew the root certificate.
I followed the instructions here: Renewing the complete SSL certificate chain, and here: Renewing the SSL certificates.
Good news: All services seem to work just fine.
However, on all 3 instances I repeatedly see the following error logged for nss-ldap:
nss-ldap: do_open: do_start_tls failed:stat=-1
E.g., I am using proftpd to provide SFTP file access for UCS users. Authentication is done directly via pam, which accesses ldap through nss-ldap. Every time someone logs in via SFTP the error is logged, BUT the SFTP connection is working anyway.
Any idea what I am missing?