TZ can't validate cert used with LDAP with CA cert installed
WS2019 DC, TZ350 & TZ400, both are v220.127.116.11-89n. Setting up LDAP auth against the DC.
I used PowerShell to create a self-cert on the DC whose subject is the FQDN of the DC. The TZs can ping the DC by FQDN. Used the FQDN to set up LDAP.
If the "Require valid certificate from server when using TLS" option is disabled, LDAP auth works using TLS.
If "Require valid certificate from server when using TLS" is enabled, LDAP tests fail with this error: "error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)".
I've exported the self-cert to a .CER file and imported it on the TZs. In the certificates list, the "Validated" column is empty. I'm guessing that's the root cause; how do I get it to validate?
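
A check that can be run from the DC or any domain-joined Windows host, added here as an example and not part of the original post: it reads the certificate the DC actually presents on the LDAP TLS port and compares it with the exported .CER, showing the subject, issuer and CA flag of each. The FQDN, the file path and port 636 are placeholder assumptions; substitute your own values.

```powershell
# Added diagnostic example. $DcFqdn, $CerPath and $Port are placeholders/assumptions.
$DcFqdn  = 'dc01.example.internal'       # placeholder: the FQDN configured on the TZ
$CerPath = 'C:\Temp\dc-selfsigned.cer'   # placeholder: the .CER imported on the TZs
$Port    = 636                           # assumption: LDAP over TLS on the default port

function Get-CertSummary {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Source
    )
    # Basic Constraints is the extension that marks a certificate as a CA.
    $bc = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    [pscustomobject]@{
        Source     = $Source
        Subject    = $Cert.Subject
        Issuer     = $Cert.Issuer
        SelfIssued = ($Cert.Subject -eq $Cert.Issuer)
        IsCA       = [bool]($bc -and $bc.CertificateAuthority)
        NotAfter   = $Cert.NotAfter
        Thumbprint = $Cert.Thumbprint
    }
}

# Accept any certificate on this one connection so it can be read; no data is sent.
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
$ssl = $null
$tcp = [System.Net.Sockets.TcpClient]::new($DcFqdn, $Port)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($DcFqdn)
    $presented = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
} finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}
$imported = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CerPath)

# Side-by-side view of what the DC serves and what was imported on the firewall.
@( (Get-CertSummary $presented 'Presented by DC'),
   (Get-CertSummary $imported  'Imported .CER') ) | Format-List

if ($presented.Thumbprint -eq $imported.Thumbprint) {
    'Match: the DC presents the same certificate that was exported.'
} else {
    'Mismatch: the DC presents a different certificate than the exported .CER.'
}
```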