LDAPS Connection Setup Issues with CAS 6.6.3

Michael Santangelo

Mar 29, 2023, 10:15:00 AM
to CAS Community
Hello all,

I reposted this because I goofed and didn't sanitize all the hostnames.

I've got CAS working fine with LDAP and now I'm trying to push hard to get it to work with LDAPS.

I've got a JKS store, /etc/cas/keys/store, containing two keys:
PDC-CA.FQDN public certificate
VDC.FQDN public certificate issued from PDC-CA

In my cas.properties I have...
cas.authn.ldap[0].keystore=file:/etc/cas/keys/store
cas.authn.ldap[0].keystorePassword=thecorrectpassword
cas.authn.ldap[0].keystoreType=JKS
cas.authn.ldap[0].ldapUrl=ldaps://VDC.FQDN:636
#cas.authn.ldap[0].startTLS=true

Every time I run CAS, I get:
2023-03-28 11:18:15,325 ERROR [org.ldaptive.transport.netty.NettyConnection] - <Connection open failed for org.ldaptive.transport.netty.NettyConnection@183859529::ldapUrl=[org.ldaptive.LdapURL@1061528439::scheme=ldaps, hostname=VDA.FQDN, port=636, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=false, connectTime=null, connectionConfig=[org.ldaptive.ConnectionConfig@647411335::ldapUrl=ldaps://VDC.FQDN:636, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1759/0x00000008409df840@ea45a5b, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1475886210::credentialConfig=[org.ldaptive.ssl.KeyStoreCredentialConfig@1686450676::trustStore=null, trustStoreType=null, trustStoreAliases=null, keyStore=file:/etc/cas/keys/store, keyStoreType=JKS, keyStoreAliases=null], trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@7a600e21, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=[org.ldaptive.BindConnectionInitializer@393413334::bindDn=CN=casbind,CN=Users,DC=Domain, bindSaslConfig=null, bindControls=null], connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1775349092::ldapURLSet=[org.ldaptive.LdapURLSet@1166754951::active=[], inactive=[[org.ldaptive.LdapURL@1061528439::scheme=ldaps, hostname=VDC.FQDN, port=636, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1768/0x00000008409ddc40@296a71df, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1762/0x00000008409df440@4db4431b, initialized=true], connectionValidator=null, transportOptions={}], channel=null>

and an error: 

org.ldaptive.ConnectException: javax.net.ssl.SSLException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Do I need to add the PDC-CA certificate elsewhere? I'm kind of stumped.

Thanks!
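The connection dump above reports trustStore=null while keyStore is set: in ldaptive the keystore supplies client credentials for mutual TLS, and the PKIX path-building check on the server's chain is driven by the trust store. As an added example, not part of the original post, here is a cas.properties fragment that points the trust store at the same JKS (which holds the PDC-CA issuer certificate); the password value is a placeholder.

```properties
# Added example (not from the original post). Same LDAPS URL as before; the
# hostname must match a SAN on the VDC.FQDN certificate, since the log shows
# DefaultHostnameVerifier is active.
cas.authn.ldap[0].ldapUrl=ldaps://VDC.FQDN:636

# Trust anchors for validating the server chain: the JKS containing the
# PDC-CA certificate (the VDC.FQDN leaf being present is harmless).
# Placeholder password; use the real store password here.
cas.authn.ldap[0].trustStore=file:/etc/cas/keys/store
cas.authn.ldap[0].trustStorePassword=CHANGEME
cas.authn.ldap[0].trustStoreType=JKS

# The keystore properties only provide a client certificate if the directory
# server requests one; they do not make the server's issuer trusted. Leave
# them unset unless client-certificate authentication is actually required.
#cas.authn.ldap[0].keystore=file:/etc/cas/keys/store
#cas.authn.ldap[0].keystorePassword=CHANGEME
#cas.authn.ldap[0].keystoreType=JKS

# Keep startTLS off for an ldaps:// URL; it applies to ldap:// on 389.
#cas.authn.ldap[0].startTLS=true
```

After restarting, the same NettyConnection debug line should show trustStore=file:/etc/cas/keys/store instead of null, which is the quickest way to confirm the property was picked up.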