Use an SSL Certificate that contains only the key ID of the Issuing Certificate Authority in the Authority Key Identifier field, conforming to IETF RFC 5280, and complying with OpenSSL and Mozilla policy.
Including any other information in that field will result in Join failure.
There may be other causes and will be noted here in the future.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy