diff --git a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
index 836ad39e3..2d3f92a7a 100644
--- a/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
+++ b/src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
@@ -278,17 +278,16 @@ class LDAP extends Base implements IAuthConnector
         if (isset(Config::getInstance()->object()->ca)) {
             foreach (Config::getInstance()->object()->ca as $cert) {
                 if (isset($cert->refid) && (string)$caref == $cert->refid) {
-                    $this->ldapCAcert = $cert->refid;
+                    $this->ldapCAcert = (string)$cert->refid;
+                    @mkdir("/var/run/certs");
+                    @unlink("/var/run/certs/{$this->ldapCAcert}.ca");
+                    file_put_contents("/var/run/certs/{$this->ldapCAcert}.ca", base64_decode((string)$cert->crt));
+                    @chmod("/var/run/certs/{$this->ldapCAcert}.ca", 0644);
                     break;
                 }
             }
         }
-        if (!empty($this->ldapCAcert)) {
-            @mkdir("/var/run/certs");
-            @unlink("/var/run/certs/{$this->ldapCAcert}.ca");
-            file_put_contents("/var/run/certs/{$this->ldapCAcert}.ca", base64_decode((string)$ca->crt));
-            @chmod("/var/run/certs/{$this->ldapCAcert}.ca", 0644);
-        } else {
+        if (empty($this->ldapCAcert)) {
             syslog(LOG_ERR, sprintf('LDAP: Could not lookup CA by reference for host %s.', $caref));
         }
     }