I have an environment with about a dozen or so SLES 12 SP1 and SP2 servers that are all getting patches off a local SMT server. All of the servers have been working fine, but after updating one SP1 server, upon reboot, it no longer will trust the certificate used on the SMT server. Any time I try and patch it or use SUSEConnect I get:

SSL verification failed: self signed certificate in certificate chain
Certificate issuer: /C=US/CN=YaST Default CA (sles-smt3)/emailAddress=postmaster@sles-smt3
Certificate subject: /C=US/CN=YaST Default CA (sles-smt3)/emailAddress=postmaster@sles-smt3
SUSEConnect error: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed

I took the cert and put in /etc/pki/trust/anchors and ran update-ca-certificates, but it still errors out. I also checked /var/lib/ca-certificates/ca-bundle.pem and the certificate is indeed in that file.

All the other servers work just fine, it's just this single SLES 12 SP1 server refuses to trust it and I am baffled as to why.

Any ideas where else to look or how to fix this?