I have been trying to get AREA to use LDAP over SSL now. I followed the instructions over at https://docs.bmc.com/docs/display/public/brid91/Enabling+LDAP+plug-ins+for+SSL+connections+post-installation. The systems administrator instructed me some time ago to go to one of our servers and export the security certificate from within Firefox. I did that and used keytool to create the store. I am getting the error message below.
<PLUGINSVR> <TNAME: pool-4-thread-3 > <ERROR> <ARPluginContext > < ARPluginContext.java:176 > /* Wed Nov 09 2016 07:12:12.805 */ <AREA.LDAP>Ldap Authentication failed!javax.naming.CommunicationException:
simple bind failed: jcdc1.etsu.edu:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
path to requested target]
Looking at the certificate chain, I saw that there was a GeoTrust CA cert and a GeoTrust SHA cert. I exported those from the same server and added those to the trust store. While searching for a solution, I found some people would add the certs to the primary Java cacerts store located in /jre/lib/security/. I did that as well and specified the path for the primary cacerts store in the AREA LDAP configuration screen. I am still receiving the error message.
Is there something else that I'm missing? If I need to ask something else from the systems administrator, please let me know what to ask for.
Thanks in advance for your help!
East Tennessee State University