Skip to Content [alt-c]


In reply to Fixing the Breakage from the AddTrust External CA Root Expiration

Reader Jack on 2020-06-01 at 00:45:


We're running into an issue on our RHEL systems relating to LDAPS. Our AD admin swears he removed the cert but I think it may still be lingering somewhere. After implementing the suggested workaround then running openssl s_client -showcerts -CApath /etc/ssl/certs -verify 10 -connect <> it appears to throw the error "error:num=2 unable to get issuer certificate". We've blocked USERtrust and addtrust external. Each trust we block, the error seems to move to the next cert in the chain.

Are there any suggestions for how to work around this issue?

Thank you!


Post a Reply

Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with > are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim (good for code).
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.