Thorsten Scherf

To fix it first convert the existing CA certificate into DER format: ~~~ $ openssl x509 -in /etc/ipa/ca.crt -out /tmp/ca.der -outform der ~~~ Then remove the current value from LDAP...

@rcritten - Rob, should we clone the ticket into BZ? We have so many customers running into this issue that I'd really like to prioritize the development of this check.

> Sure, feel free. https://bugzilla.redhat.com/show_bug.cgi?id=1926909