
SSL for LDAP




Greetings!


I have been trying to get AREA to use LDAP over SSL now.  I followed the instructions over at https://docs.bmc.com/docs/display/public/brid91/Enabling+LDAP+plug-ins+for+SSL+connections+post-installation.  The systems administrator instructed me some time ago to go to one of our servers and export the security certificate from within Firefox.  I did that and used keytool to create the store.  I am getting the error message below.


<PLUGINSVR> <TNAME: pool-4-thread-3          > <ERROR> <ARPluginContext                                   > <                              ARPluginContext.java:176       > /* Wed Nov 09 2016 07:12:12.805 */  <AREA.LDAP>Ldap Authentication failed!javax.naming.CommunicationException: simple bind failed: jcdc1.etsu.edu:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]


Looking at the certificate chain, I saw that there was a GeoTrust CA cert and a GeoTrust SHA cert.  I exported those from the same server and added those to the trust store.  While searching for a solution, I found some people would add the certs to the primary Java cacerts store located in /jre/lib/security/.  I did that as well and specified the path for the primary cacerts store in the AREA LDAP configuration screen.  I am still receiving the error message.


Is there something else that I'm missing?  If I need to ask something else from the systems administrator, please let me know what to ask for.


Thanks in advance for your help!


--Dustin Fawver


HelpDesk Technician

East Tennessee State University

_ARSlist: "Where the Answers Are" and have been for 20 years_
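
Added example, not part of the original post: a self-contained shell sketch of why "unable to find valid certification path to requested target" depends on both the truststore contents and the certificates the server sends. It assumes the `openssl` CLI is installed; every name and certificate is constructed, and `-partial_chain` is used to approximate Java treating each truststore entry as a trust anchor.

```shell
#!/usr/bin/env bash
# Constructed demo: all names, keys and certificates are throwaway.
# make_chain DIR: root CA -> intermediate CA -> server (leaf) certificate.
make_chain() {
  d=$1; mkdir -p "$d"
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -set_serial 1 \
    -days 2 -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# path_ok TRUST SENT LEAF: succeeds if LEAF chains to any certificate in TRUST
# using only the certificates the server SENT in its handshake.
path_ok() {
  openssl verify -partial_chain -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

report() {  # report LABEL TRUST SENT  (always checks chain a's leaf)
  if path_ok "$2" "$3" "$t/a/leaf.pem"; then echo "$1: path found"
  else echo "$1: unable to find valid certification path"; fi
}

t=$(mktemp -d)
make_chain "$t/a"   # the chain the server actually uses
make_chain "$t/b"   # a different chain with identical names but different keys
cat "$t/a/leaf.pem" "$t/a/int.pem" > "$t/sent_full.pem"   # server sends leaf + intermediate
cat "$t/a/root.pem" "$t/a/int.pem" > "$t/root_int.pem"    # truststore with both CA certs

report "root trusted, full chain sent"        "$t/a/root.pem"  "$t/sent_full.pem"
report "root trusted, intermediate not sent"  "$t/a/root.pem"  "$t/a/leaf.pem"
report "root+intermediate trusted, leaf only" "$t/root_int.pem" "$t/a/leaf.pem"
report "same-named root from another chain"   "$t/b/root.pem"  "$t/sent_full.pem"
report "server cert from another host"        "$t/b/leaf.pem"  "$t/sent_full.pem"
```

On a real system the same comparison is made between the certificates the LDAP server sends and the entries `keytool -list -v -keystore <path>` shows for the truststore the plug-in's JVM actually loads.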