I have always been using encryption mode with my own CA in the AD, a setup very similar to this: https://help.univention.com/t/cool-solution-connecting-ucs-to-freenas/12794
However, after updating to 11.3, this setup no longer works. The update process created a cert "migrated for active directory" but the WebGUI refuse to use it to join AD and complains about "no private key", and there shouldn't be any for a (imported) root CA. Additionally, CA (expect for that migrated cert) can no longer be selected from the "Certificate" drop down.
Is this behavior intended? AFAIK a client certificate is not required for AD
However, after updating to 11.3, this setup no longer works. The update process created a cert "migrated for active directory" but the WebGUI refuse to use it to join AD and complains about "no private key", and there shouldn't be any for a (imported) root CA. Additionally, CA (expect for that migrated cert) can no longer be selected from the "Certificate" drop down.
Is this behavior intended? AFAIK a client certificate is not required for AD