NetWorker: LDAPS configuration: 'timestamp check failed' error message may occur with a valid certificate
Summary: NetWorker: LDAPS configuration: 'timestamp check failed' error message may occur with a valid certificate
Symptoms
- NetWorker
- Configuration of LDAPS frequently fails with a 'timestamp check failed' error message even when the certificate is valid.
- Error executing command.Failure: 400 Bad Request. Server message: Failed to verify configuration ldaps1: An SSL handshake error occurred while attempting to connect to LDAPS server: timestamp check failed.
- The certificate is valid until a future date.
Cause
- There are multiple entries for the LDAP server in the keystore, some of which may be expired.
Resolution
If the error message "Error executing command. Failure: 400 Bad Request. Server message: Failed to verify configuration LDAPS: An SSL handshake error occurred while attempting to connect to LDAPS server: timestamp check failed" is seen during authc_config, check the following from the NW server.
a. Ensure the date and time on the NW server are in sync with the LDAP server.
b. Verify that the certificate is valid by executing openssl s_client -connect <LDAPS server:636> -CAfile <certificate>. If the command returns Verify return code: 10 (certificate has expired), the certificate has expired and cannot be used. The notAfter field shows the date until which the certificate is valid.
The openssl tool is recommended for verifying the certificate.
[root@ncdqd131 ~]# openssl s_client -connect <server>:636 -CAfile cert
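The condition named under Cause (several keystore entries for the same LDAP server, some expired) can be checked with the following added example, which is not part of the original article or of NetWorker. It assumes the keystore is a Java keystore listed with keytool -list -v, which the article does not state; the sample listing, aliases and subject names are constructed.

```python
import re
import sys
from collections import defaultdict
from datetime import datetime

# Constructed, trimmed sample of `keytool -list -v` output (assumed format, not from a real server).
SAMPLE = """\
Alias name: ldaps1
Owner: CN=ldap.example.com
Valid from: Fri Jan 05 10:00:00 UTC 2018 until: Sat Jan 05 10:00:00 UTC 2019

Alias name: ldaps1-new
Owner: CN=ldap.example.com
Valid from: Tue Jan 02 10:00:00 UTC 2024 until: Mon Jan 02 10:00:00 UTC 2034

Alias name: otherca
Owner: CN=Other CA
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Sun Jan 01 00:00:00 UTC 2034
"""
UNTIL = re.compile(r"until: \w{3} (\w{3} \d{1,2} [\d:]{8}) \S+ (\d{4})")

def parse_entries(text):
    """Yield (alias, owner, not_after) for the first certificate under each alias."""
    alias = owner = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Alias name:"):
            alias, owner = line.split(":", 1)[1].strip(), None
        elif line.startswith("Owner:") and alias:
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("Valid from:") and alias and owner:
            m = UNTIL.search(line)
            if m:
                # The time zone name is dropped, so results are accurate to about a day.
                stamp = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
                yield alias, owner, stamp
                alias = None  # skip any further chain certificates for this alias

def stale_duplicates(text, now):
    """Return {owner: [expired aliases]} for owners stored under more than one alias."""
    by_owner = defaultdict(list)
    for alias, owner, not_after in parse_entries(text):
        by_owner[owner].append((alias, not_after))
    return {owner: [a for a, t in entries if t < now]
            for owner, entries in by_owner.items()
            if len(entries) > 1 and any(t < now for _, t in entries)}

if __name__ == "__main__":
    listing = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(stale_duplicates(listing, datetime.now()))
```

To run it against a real keystore, pipe the output of keytool -list -v -keystore <keystore> into the script; any alias it reports is an expired entry that shares a subject with another entry.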