Date: 2021-09-11

Our domain controllers are set up for auto-enrollment for certificates and they recently rolled over. That said, one of my VCSAs is configured with an LDAPS identity source that references a cert that is no longer valid... which prevents me from logging in with domain creds. You'd think I could just add the new certs, but I'm unable to save the config because the expired certs still exist. Using vecs-cli, I could not locate the certs in question. They don't seem to be added to any stores, which I found odd. I can see the certs when I run sso-config.sh, but I have no option to replace or delete them. I haven't tried the nuclear option of deleting the identity source but I'd really rather not do that. Who knows what that will do to permissions, roles, etc.

