Community Articles
Find and share helpful community-sourced technical articles

When configuring LDAPS in HDP its common to see wrong certificates used or certificates without the correct chain.

To ensure the correct chain of certificates is used when configuring LDAPS you can use openssl to read the certificate from the server and save it to a file. This file can them be imported into, for example, the Ambari truststore.

echo -n | openssl s_client -connect <ad-server>:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /root/ldaps-cert.pem
New Contributor

it is worked for me.. thanks.