The TLS certificate on the LDAP server has expired
This topic provides troubleshooting references and steps for resolving system errors when the TLS certificate on the LDAP server has expired.
Description
When the system is configured with AD/LDAP using TLS and the certificate on AD/LDAP has expired, the system displays the following error when a user tries to run keystone commands:
[root@SSClusterNode3 ~]# openstack user list
ERROR: openstack An unexpected error prevented the server from fulfilling your request.
(HTTP 500) (Request-ID: req-5b3422a1-fc43-4210-b092-1201e38b8cd5)
2017-05-08 22:08:35.443 30518 TRACE keystone.common.wsgi CONNECT_ERROR: {'info': 'TLS error -8157:Certificate extension not found.', 'desc': 'Connect error'}
2017-05-08 22:08:35.443 30518 TRACE keystone.common.wsgi
Cause
The system displays this error because the TLS certificate on the LDAP server has expired.
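The TLS error text in the trace does not mention expiry, so it helps to confirm the cause directly. The following shell functions are an added example, not part of the original topic or the product's own tooling: they read the notAfter date of the certificate that the LDAP server presents and report whether it has passed. They assume the openssl CLI and GNU date are installed; ldap.example.com is a placeholder host name.

```shell
#!/bin/sh
# Added example: check whether the certificate presented by the LDAP server
# has expired. Assumptions: openssl CLI and GNU date; host and port are
# supplied by the operator.

# Print the "notAfter=<date>" line of the certificate the server presents on
# LDAPS. s_client still prints the certificate when verification fails.
# For StartTLS on port 389, add "-starttls ldap" (OpenSSL 1.1.1 or later).
ldap_cert_enddate() (   # usage: ldap_cert_enddate HOST [PORT]
    openssl s_client -connect "$1:${2:-636}" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate
)

# Classify a "notAfter=<date>" line against a reference time.
#   $1 = notAfter line, $2 = reference time in epoch seconds (default: now)
# Prints VALID or EXPIRED with whole days.
# Exit status: 0 valid, 1 expired, 2 no usable date (e.g. the fetch failed).
cert_status() (
    # Reject empty or foreign input: GNU date would read "" as today.
    case $1 in
        notAfter=?*) ;;
        *) echo "UNPARSEABLE"; exit 2 ;;
    esac
    end=${1#notAfter=}
    now=${2:-$(date -u +%s)}
    end_s=$(date -u -d "$end" +%s 2>/dev/null) || { echo "UNPARSEABLE"; exit 2; }
    # Compare in seconds so a certificate that expired an hour ago is not
    # rounded to "0 days" and reported as valid.
    if [ "$end_s" -le "$now" ]; then
        echo "EXPIRED $(( (now - end_s) / 86400 )) days ago ($end)"
        exit 1
    fi
    echo "VALID $(( (end_s - now) / 86400 )) days left ($end)"
)

# Typical use against a live server (placeholder host name):
#   cert_status "$(ldap_cert_enddate ldap.example.com 636)"
```

Run the check from the node that runs keystone, so that it reaches the same LDAP endpoint that keystone connects to.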