I am experiencing a bit of a pickle with the AD Sources configured for TLS. Our Network team recently decommissioned 2 DCs. When they decommissioned them the AD sources are not giving the typical cert error below. The cert used before is still good but had the decommissioned DCs listed in it.
Do I need a new cert for the remaining DCs to render TLS active again?
Failed to connect to IQService. Please check TLS configuration for IQService: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
You should check the Subject fields of the existing Active Directory certificates in your Virtual Appliance — they may still be linked to the hostnames of the decommissioned Domain Controllers.
Additionally, you can inspect the certificates of the current DCs using a tool like OpenSSL on the Virtual Appliance server. For example:
openssl s_client -connect <host>:<port>
This will help you verify which certificates are currently in use and their associated hostnames.
If necessary, you can also save the certificates from the current DCs directly using the OpenSSL command
Alternatively, you can ask your AD team to provide the Root Certificate and any intermediate certificates required to complete the trust chain.
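The hostname check suggested above can be scripted. This is an added example, not part of the original replies or of any vendor tooling: it lists the DNS names in a certificate's subjectAltName and tests whether a given DC hostname is covered. The function names and the dc0x.example.com hostnames are constructed for illustration, `-ext`/`-addext` assume OpenSSL 1.1.1 or later, and `<host>`/`<port>` stay placeholders as in the command above.

```shell
#!/usr/bin/env bash
# Added example: compare the names in a DC certificate with the DCs still in service.

# Save the leaf certificate a server presents as PEM (needs network access).
# usage: fetch_cert <host> <port> > dc.pem
fetch_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM
}

# Print the DNS names from the subjectAltName extension, one per line.
# usage: cert_dns_names <pem-file>
cert_dns_names() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
    | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Return 0 if the hostname is listed in the SAN.
# Exact, case-insensitive match only; wildcard entries are not expanded.
# usage: cert_covers_host <pem-file> <hostname>
cert_covers_host() {
  cert_dns_names "$1" | grep -qixF "$2"
}

# Build a constructed, self-signed certificate so the checks can be tried offline.
# usage: make_sample_cert <out.pem> <common-name> <san-list>
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1.key" -subj "/CN=$2" -addext "subjectAltName=$3" \
    -out "$1" 2>/dev/null
}

# Typical use on the Virtual Appliance (hostnames are constructed samples):
#   fetch_cert <host> <port> > dc.pem
#   cert_dns_names dc.pem
#   cert_covers_host dc.pem dc03.example.com && echo "covered" || echo "not listed"
```

A name that is missing from the output for a DC still in service, or a list that only names decommissioned DCs, points to a hostname mismatch rather than a missing root or intermediate certificate.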