10-08-2021
11:32 AM
1 Kudo
We need to update our LDAP configuration because our certificate is going to expire; we have a test ldaps server set up with the new certificate. From within CDH->Administration->Settings, I pointed the "LDAP URL" to the new server.

simple bind failed: ldapsdev.{obscured domain}:3269; nested exception is javax.naming.CommunicationException: simple bind failed: ldapsdev.{obscureddomain}:3269 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]

Under the assumption that a cert needed to be added, I tried to figure out how, but could find zero documentation other than this:

https://community.cloudera.com/t5/Community-Articles/Steps-to-setup-Atlas-with-Ldaps-SSL/ta-p/247365

That relates to Atlas, which we don't use, but seemed right. I downloaded "ldapsdev-ca.crt" from the ldaps server:

echo -n | openssl s_client -connect ldapsdev.{obscureddomain}:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ldapsdev-ca.crt

And then imported it into /usr/java/jdk1.7.0_67-cloudera/jre/lib/security/cacerts. When I do a keytool -list on that, I see it in there. I then restarted cloudera-scm-server, but I still get the same error.

Was that not the right cacerts file? There are others in various subdirs under /etc/pki I could try to add to, but it'd be nice to know for sure which file Cloudera Server is trying to use.

Thanks!!!
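An added diagnostic, not part of the original post or of Cloudera Manager: it prints which trust store a given JVM loads by default (the javax.net.ssl.trustStore property, else jssecacerts, else cacerts under java.home) and which TLS protocol versions it offers, then attempts the handshake. The class name LdapsProbe and the host and port arguments are assumptions for illustration.

```java
import java.io.File;
import java.util.Arrays;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example; LdapsProbe is a hypothetical name, not a Cloudera tool.
// Usage: java LdapsProbe <host> <port>
public class LdapsProbe {

    // Resolve the trust store the default JSSE trust manager loads:
    // -Djavax.net.ssl.trustStore if set, else jssecacerts, else cacerts.
    static String effectiveTrustStore() {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured != null) {
            return configured + " (from -Djavax.net.ssl.trustStore)";
        }
        File security = new File(System.getProperty("java.home"), "lib/security");
        File jssecacerts = new File(security, "jssecacerts");
        if (jssecacerts.exists()) {
            return jssecacerts.getPath();
        }
        return new File(security, "cacerts").getPath();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java LdapsProbe <host> <port>");
            System.exit(2);
        }
        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("trust store : " + effectiveTrustStore());

        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket =
                 (SSLSocket) factory.createSocket(args[0], Integer.parseInt(args[1]))) {
            // Protocol versions this JVM can speak versus those it offers by default.
            System.out.println("supported   : " + Arrays.toString(socket.getSupportedProtocols()));
            System.out.println("enabled     : " + Arrays.toString(socket.getEnabledProtocols()));
            socket.startHandshake();
            System.out.println("negotiated  : " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
        } catch (SSLException e) {
            // Print the full exception text so the failure type is visible.
            System.out.println("handshake failed: " + e);
        }
    }
}
```

Run it with the same java binary and the same -D options as the service under test. "Received fatal alert" in the output means the server refused the negotiation, whereas a CA missing from the trust store normally shows up as a certificate path validation error raised by the client.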