From 095f8d9c7a165be7fbde92ce8fc83086c06c6391 Mon Sep 17 00:00:00 2001 From: Zachary Seguin Date: Mon, 19 Aug 2019 00:39:13 -0400 Subject: [PATCH] Switch to ca-cert store for auth ca --- roles/csc-auth/files/ldap.conf | 4 ++-- roles/csc-auth/files/sssd.conf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/csc-auth/files/ldap.conf b/roles/csc-auth/files/ldap.conf index 35c47f8..00c7ebd 100644 --- a/roles/csc-auth/files/ldap.conf +++ b/roles/csc-auth/files/ldap.conf @@ -11,6 +11,6 @@ URI ldap://ldap1.csclub.uwaterloo.ca ldap://ldap2.csclub.uwaterloo.ca SIZELIMIT 0 -TLS_CACERT /etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem -TLS_CACERTFILE /etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem +TLS_CACERT /etc/ssl/certs/ca-certificates.crt +TLS_CACERTFILE /etc/ssl/certs/ca-certificates.crt diff --git a/roles/csc-auth/files/sssd.conf b/roles/csc-auth/files/sssd.conf index d678275..a140121 100644 --- a/roles/csc-auth/files/sssd.conf +++ b/roles/csc-auth/files/sssd.conf @@ -13,7 +13,7 @@ sudo_provider = ldap entry_cache_timeout = 600 ldap_uri = ldaps://ldap1.csclub.uwaterloo.ca,ldaps://ldap2.csclub.uwaterloo.ca -ldap_tls_cacert = /etc/ssl/certs/GlobalSign_Intermediate_Root_SHA256_G2.pem +ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt ldap_tls_reqcert = demand ldap_search_base = dc=csclub,dc=uwaterloo,dc=ca ldap_schema = rfc2307bis
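Review bot: Pointing `TLS_CACERT` and `TLS_CACERTFILE` at `/etc/ssl/certs/ca-certificates.crt` widens the trust anchors for the directory servers from one GlobalSign intermediate to every CA in the system store, so a certificate for ldap1/ldap2 issued by any of those CAs would now validate; the `ldap_tls_cacert` line in the sssd.conf hunk has the same effect. If the aim is to survive a CA or intermediate change, that is a reasonable trade, but it should be recorded in the file, for example `# Trust anchors: system CA bundle (any CA in the store is accepted for the LDAP servers)`. The URIs shown in the hunk header use `ldap://`, so these settings only take effect when the client negotiates StartTLS. No `TLS_REQCERT` line is visible in this hunk; adding `TLS_REQCERT demand` would make verification explicit instead of relying on the library default.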
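Review bot: With `ldap_tls_reqcert = demand` kept on the following line, sssd will refuse every LDAP connection if `/etc/ssl/certs/ca-certificates.crt` is missing or lacks the issuing root, so logins on the host now depend on the distribution's CA bundle being installed and current. The role's tasks are outside this diff, so this may already be handled; if not, the role should ensure the `ca-certificates` package is present before this file is deployed. A short comment above the changed line, such as `# trust anchors come from the system bundle maintained by ca-certificates`, would tell the next reader where the trust decision lives.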