The customer's Admin UI is configured for external administrator authentication. The external admin store logs showed an SSL handshake failure. Both Admin UI and the store are configured for TLS 1.2 only, and there is at least one common cipher between client/server. This led to examining the SSL certificates in use during which a mismatch was discovered between the SSL cert on the directory server and the Certificate Authority (CA) cert installed in the Admin UI.
The Admin UI must have the correct Certificate Authority (CA) certificates installed in order to make a secure connection to the external admin store. The Subject of the CA cert must match the Issuer of the SSL cert.
If a chained CA is used, all intermediate CA certs must also be imported along with the root CA cert. In the root CA cert, the Subject and Issuer fields will match.