The TLS certificate on the LDAP server has expired

This topic provides troubleshooting references and steps for resolving system errors when the TLS certificate on the LDAP server has expired.

Description

When the system is configured with AD/LDAP over TLS and the certificate on the AD/LDAP server has expired, the system displays the following error when a user runs keystone commands:
[root@SSClusterNode3 ~]# openstack user list
ERROR: openstack An unexpected error prevented the server from fulfilling your request. (HTTP 500) (Request-ID: req-5b3422a1-fc43-4210-b092-1201e38b8cd5)
2017-05-08 22:08:35.443 30518 TRACE keystone.common.wsgi CONNECT_ERROR: {'info': 'TLS error -8157:Certificate extension not found.', 'desc': 'Connect error'}
2017-05-08 22:08:35.443 30518 TRACE keystone.common.wsgi

Cause

The system displays this error because the TLS certificate on the LDAP server has expired.

Proposed workaround

Update the TLS certificate on the LDAP server.
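
The error text above does not mention expiry, so it helps to confirm the cause before replacing the certificate and to verify the new one afterwards. The following script is an added example, not part of the product documentation; the host, port, script name and function names are placeholders, and it assumes the openssl command-line tool is installed on the node.

```shell
#!/bin/sh
# Added example: inspect the validity of the certificate an LDAP server presents.
# Host, port and function names are placeholders, not values from this page.

# Write the server's leaf certificate to stdout as PEM.
# $1 = host, $2 = port, $3 = "ldaps" (TLS on connect, default) or "starttls".
fetch_ldap_cert() {
    if [ "${3:-ldaps}" = "starttls" ]; then
        # Needs an OpenSSL build whose s_client supports "-starttls ldap".
        openssl s_client -connect "$1:$2" -starttls ldap </dev/null 2>/dev/null
    else
        openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null
    fi | openssl x509 -outform PEM
}

# Exit status 0: certificate in file $1 is expired or expires within $2 seconds.
# Exit status 1: still valid beyond that window. Exit status 2: not a certificate.
cert_expires_within() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Print the notAfter date of the certificate in file $1.
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# Usage: sh check_ldap_cert.sh <host> <port> [ldaps|starttls]
if [ "$#" -ge 2 ]; then
    pem=$(mktemp)
    if ! fetch_ldap_cert "$@" >"$pem" 2>/dev/null; then
        echo "could not retrieve a certificate from $1:$2" >&2
        rm -f "$pem"; exit 2
    fi
    echo "notAfter: $(cert_not_after "$pem")"
    if cert_expires_within "$pem" 0; then
        echo "EXPIRED: renew the certificate on the LDAP server"
    elif cert_expires_within "$pem" 2592000; then   # 30 days
        echo "WARNING: expires within 30 days"
    else
        echo "OK"
    fi
    rm -f "$pem"
fi
```

Run it from the node where keystone runs, so the check follows the same network path to the LDAP server that keystone uses.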