Discussion:
One LDAP server can connect via ssl, the other no good...Both certs installed.
bill valvik
2018-06-07 20:34:13 UTC
I have 2 older LDAP servers. One I have extracted the established self-signed cert and properly loaded it into the testserver.jks file in my solution directory.

I can iterate through this one if I run the al.

The other server. I extracted the cert the same way and installed it with a different alias name. However this will not allow a connection. Below is the error

12:58:37,483 ERROR - CTGDIS266E Error in InitConnectors. Exception occurred: javax.naming.CommunicationException: simple bind failed: authacc3.standard.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target]
javax.naming.CommunicationException: simple bind failed: authacc3.standard.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target]


Do I need to reference which cert for each connector?

Any ideas?

thank you,
yn2000
2018-06-08 00:46:10 UTC
If you set SDI as a client connecting to a target server, don't you need to put the SSL cert in the testadmin.jks, instead of testserver.jks?
Rgds. YN.
Jason Williams
2018-06-14 12:59:50 UTC
Post by bill valvik
I have 2 older LDAP servers. One I have extracted the established self-signed cert and properly loaded it into the testserver.jks file in my solution directory.
I can iterate through this one if I run the al.
The other server. I extracted the cert the same way and installed it with a different alias name. However this will not allow a connection. Below is the error
12:58:37,483 ERROR - CTGDIS266E Error in InitConnectors. Exception occurred: javax.naming.CommunicationException: simple bind failed: authacc3.standard.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target]
javax.naming.CommunicationException: simple bind failed: authacc3.standard.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target]
Do I need to reference which cert for each connector?
Any ideas?
thank you,
Bill,
See that you're adding the cert to the jks defined for the javax.net.ssl.trustStore property in solution.properties
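
A way to check the last suggestion without connecting to either server, given as an added example that is not part of the thread or of SDI: read `javax.net.ssl.trustStore` from solution.properties and list which aliases the keystore it names holds as trusted certificates. It assumes `key=value` property lines and a version 2 JKS file; the function names and the `sample_jks` builder are hypothetical, and the sample keystore is constructed.

```python
import struct

def truststore_path(props_text):
    """javax.net.ssl.trustStore value from solution.properties text (key=value lines), or None."""
    for line in props_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "javax.net.ssl.trustStore":
            return value.strip()
    return None

def jks_aliases(data):
    """Map alias -> entry kind from raw JKS bytes; aliases are readable without the store password."""
    magic, version, count = struct.unpack_from(">III", data, 0)
    if magic != 0xFEEDFEED or version != 2:
        raise ValueError("not a version 2 JKS file")
    pos, found = 12, {}
    def take(fmt):                      # consume one length-prefixed field
        nonlocal pos
        (n,) = struct.unpack_from(fmt, data, pos)
        pos += struct.calcsize(fmt) + n
        return data[pos - n:pos]
    for _ in range(count):
        tag, alias_len = struct.unpack_from(">IH", data, pos)
        alias = data[pos + 6:pos + 6 + alias_len].decode("utf-8")
        pos += 6 + alias_len + 8        # tag, alias, 8-byte creation timestamp
        if tag == 1:                    # private key entry: key blob, then certificate chain
            take(">I")
            (chain_len,) = struct.unpack_from(">I", data, pos)
            pos += 4
        elif tag == 2:                  # trusted certificate entry: exactly one certificate
            chain_len = 1
        else:
            raise ValueError("unknown JKS entry tag %d" % tag)
        for _ in range(chain_len):
            take(">H"), take(">I")      # certificate type string ("X.509"), DER bytes
        found[alias] = "PrivateKeyEntry" if tag == 1 else "trustedCertEntry"
    return found

def missing_from_truststore(props_text, read_file, wanted):
    """Aliases in `wanted` that are not trusted certs in the store the JVM is configured to use."""
    store = jks_aliases(read_file(truststore_path(props_text)))
    return [a for a in wanted if store.get(a.lower()) != "trustedCertEntry"]  # JKS lowercases aliases

def sample_jks(aliases):
    """Constructed stand-in keystore; dummy bytes replace real DER certificates."""
    out = struct.pack(">III", 0xFEEDFEED, 2, len(aliases))
    for a in aliases:
        out += struct.pack(">IH", 2, len(a)) + a.encode() + bytes(8)
        out += struct.pack(">H", 5) + b"X.509" + struct.pack(">I", 4) + b"\x30\x02\x05\x00"
    return out + bytes(20)              # placeholder for the trailing SHA-1 digest, not verified here
```

Against real files, pass `lambda p: open(p, "rb").read()` as `read_file`, resolving a relative path against the solution directory; an alias reported missing means that certificate never reached the store the JVM actually loads.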