I had to restore-domain a few days back and it seems
this had the side effect of resetting the cacert.jks stores on my
server instances.
We use an internal CA on our LDAP server, so this broke authentication
for a little while.
Is that expected behaviour (it makes sense to me)?
And where is the 'right' place to add a custom CA? Is there a 'master
keystore' somewhere
in the domain config I can add this kind of entry that will be
propagated to the server instances?