diff --git a/setup/ssl.sh b/setup/ssl.sh
index badbaec2..cb1528ad 100755
--- a/setup/ssl.sh
+++ b/setup/ssl.sh
@@ -118,7 +118,7 @@ if [ ! -f $STORAGE_ROOT/ssl/ca_certificate.pem ]; then
 CERT=$STORAGE_ROOT/ssl/ca_certificate.pem
 hide_output \
 openssl req -new -x509 \
- -days 3650 -sha256 \
+ -days 3650 -sha384 \
 -key $STORAGE_ROOT/ssl/ca_private_key.pem \
 -passin 'pass:SECRET-PASSWORD' \
 -out $CERT \
diff --git a/tests/system-setup/remote-nextcloud-docker.sh b/tests/system-setup/remote-nextcloud-docker.sh
index 28cf517d..3cb3ef68 100755
--- a/tests/system-setup/remote-nextcloud-docker.sh
+++ b/tests/system-setup/remote-nextcloud-docker.sh
@@ -123,8 +123,24 @@ install_nextcloud_docker() {
 docker exec -u www-data NC ./occ app:enable user_ldap \
 || die "docker: enabling user_ldap failed ($?)"
+ #
 # integrate Nextcloud with MiaB-LDAP
+ #
 H2 "docker: integrate Nextcloud with MiaB-LDAP"
+
+ # create an /etc/ldap/ldap.conf specifying what root certificates
+ # are valid for peer cert validation by openldap tools
+ # (ldapsearch). This is needed for the docker debian image (not
+ # needed on ubuntu?) for the tools to recognize the root
+ # certificate copied above
+ echo "TLS_CACERT /etc/ssl/certs/ca-certificates.crt" > /tmp/ldap.conf.$$
+ docker exec NC mkdir /etc/ldap \
+ || die "docker: mkdir /etc/ldap failed"
+ docker cp /tmp/ldap.conf.$$ NC:/etc/ldap/ldap.conf \
+ || die "docker: could not copy /tmp/ldap.conf.$$ to NC:/etc/ldap"
+ rm -f /tmp/ldap.conf.$$
+
+ # execute the script that sets up Nextcloud
 docker cp setup/mods.available/remote-nextcloud-use-miab.sh NC:/tmp \
 || die "docker: cp remote-nextcloud-use-miab.sh failed"
 docker exec NC /tmp/remote-nextcloud-use-miab.sh \
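Review bot: In setup/ssl.sh the CA key passphrase is still passed as a command-line literal, `-passin 'pass:SECRET-PASSWORD'`, which is readable in the script and in the process list while openssl runs; if that string is the real value rather than a redaction, the key's encryption adds nothing beyond the file permissions on `ca_private_key.pem`. OpenSSL also accepts `-passin file:PATH` and `-passin env:VAR`, which keep a per-install secret out of argv. Separately, the hunk header shows this block runs only when `ca_certificate.pem` does not exist, so installs that already have a CA keep their SHA-256-signed certificate; a comment above `hide_output` such as `# digest applies to newly generated CA certs only; an existing CA is not re-issued` would record that. The openssl command and the enclosing `if` continue past the end of the hunk.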
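Review bot: In tests/system-setup/remote-nextcloud-docker.sh the added block stages the file at `/tmp/ldap.conf.$$`, a PID-derived and therefore predictable name in a shared directory, and the file is left behind whenever one of the two `die` branches is taken before `rm -f` (assuming `die` exits). `docker exec NC mkdir /etc/ldap` also fails when the directory already exists, so a second run against the same container would stop here; `mkdir -p` avoids that. Writing the file inside the container removes the host temp file altogether, assuming the image provides `sh`: `docker exec NC sh -c 'mkdir -p /etc/ldap && echo "TLS_CACERT /etc/ssl/certs/ca-certificates.crt" > /etc/ldap/ldap.conf' || die "docker: could not write NC:/etc/ldap/ldap.conf"`. If the host-side copy is kept, create it with `mktemp` and `chmod 0644` it before `docker cp`, since mktemp files are mode 0600 and the copy is expected to keep that mode. install_nextcloud_docker starts before the hunk and continues after it.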