http://bugzilla.opensuse.org/show_bug.cgi?id=1051695 Bug ID: 1051695 Summary: ldap_start_tls: Connect error (-11) additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: bruno@ioda-net.ch QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- After upgrading a working openSUSE Leap 42.1 (ldap, sssd, samba) server there's no way to do a simple ldapsearch -x -ZZ without getting the error in subject. the self-signed ca is stored in /etc/pki/anchor/trust and symlinks are present in /var/lib/ca-certificates/pem There doesn't seems to have any changes needed in /etc/ldap.conf ps : this also create a fail condition for samba using ldap is start tls is on. What and How can this be debugged. ps2 : This symptom has been seen now on 2 servers. -- You are receiving this mail because: You are on the CC list for the bug.