LDAPS issue
Hi all!
I get the following error when trying to communicate with an MS AD server over LDAPS:
(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)
Here is my relevant LDAP config in cas.properties:
cas.authn.ldap[0].name=Active Directory
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].baseDn="set to sane value"
cas.authn.ldap[0].searchFilter="set to sane value"
cas.authn.ldap[0].bindDn="set to sane value"
cas.authn.ldap[0].bindCredential="set to sane value"
cas.authn.ldap[0].dnFormat="set to sane value"
cas.authn.ldap[0].connectTimeout=1000
cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
cas.authn.ldap[0].followReferrals=false
cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.ldap[0].keystorePassword=keystorepassword
I used the suggestions on the pages below to see what certs a server may have and found out what certs the server had:
and
I used this command to find out what certs I needed to add to the keystore.
openssl s_client -showcerts -connect XX.XX.XX.XX:636
NOTE:
I do not want to add the certs to the cacerts file on the host machine, as I am performing a docker build and I want everything the app needs to be loaded into the container.
The openssl s_client -showcerts command showed 2 certs, and I imported them both from the command line like below:
#CAR -- root cert from AD server
keytool -alias myalias -trustcacerts -importcert -keystore etc/cas/theKeystore -storepass XXXX -file etc/cas/myalias.cer
#CAS2 -- server cert from AD server
keytool -importcert -keystore etc/cas/theKeystore -storepass XXXX -file etc/cas/myalias2.cer -alias myalias2 -trustcacerts
I also used the SSLPoke class from the 2nd URL to test the connection. It failed.
I think I have performed the task needed and I still get the error.
Thanks,
Tom
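Editor's note on the error above, with an added example that is not part of Tom's post or of CAS. "PKIX path building failed ... unable to find valid certification path" is the JVM's trust manager saying that none of the certificates it was given to trust chains to what the server presented. The usual reasons are that the trust material is not in the file the application actually opens (the post's config points at `file:/etc/cas/thekeystore` while the keytool commands write to the relative path `etc/cas/theKeystore`; paths and case must match exactly, and `keytool -list` against the configured path confirms what the application will see), or that the certificates went into a key store rather than a trust store: in most Java software, CAS included, a `keystore` property names the client's own key material for mutual TLS, while the CA certificates the client should trust are configured through separate trust settings whose exact property names depend on the CAS version, so check the LDAP authentication properties for your release. A hostname or IP mismatch with the certificate's SAN produces a different exception, not this one. The script below, written for this page and assuming a hypothetical output path `/etc/cas/ldap-truststore.p12` and a password in `TRUSTSTORE_PASS`, fetches the chain the AD server sends, keeps only the CA certificates (the server's own certificate is not needed and would break the build when it is renewed), writes them to a dedicated PKCS12 trust store that can be copied into the image, and verifies the result with `keytool -list` and `openssl verify`:

```shell
#!/bin/sh
# Added example, not from the original post. Builds a dedicated trust store for an
# LDAPS server from the chain it presents, importing CA certificates only.
# Assumed (not in the post): store path /etc/cas/ldap-truststore.p12, TRUSTSTORE_PASS env var.
set -eu

# Print the certificate chain the server sends, PEM blocks only, in server order
# (cert-0 is the server's own certificate, then its issuers).
fetch_chain() {
    host="$1"; port="${2:-636}"
    openssl s_client -showcerts -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
      | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Split a PEM bundle into one file per certificate under $2 (cert-0.pem, cert-1.pem, ...)
# and print how many certificates were written. Text outside BEGIN/END blocks is dropped.
split_pem_chain() {
    bundle="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        BEGIN { n = 0; out = "" }
        /-----BEGIN CERTIFICATE-----/ { out = dir "/cert-" n ".pem"; n++ }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
        END { print n }
    ' "$bundle"
}

# True if the certificate is a CA: Basic Constraints CA:TRUE, or (for old v1 roots
# that carry no extensions) self-signed, i.e. subject equals issuer.
is_ca_cert() {
    if openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'; then
        return 0
    fi
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
    [ "$subj" = "$iss" ]
}

# Create a fresh PKCS12 trust store holding only the CA certificates from $1/cert-*.pem.
# Aliases are the SHA-256 fingerprints, so re-running never collides on a name.
build_truststore() {
    certdir="$1"; store="$2"; storepass="$3"
    rm -f "$store" "$certdir/ca-bundle.pem"
    for f in "$certdir"/cert-*.pem; do
        if is_ca_cert "$f"; then
            alias=$(openssl x509 -in "$f" -noout -fingerprint -sha256 | cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f')
            keytool -importcert -noprompt -storetype PKCS12 -keystore "$store" \
                -storepass "$storepass" -alias "$alias" -file "$f"
            cat "$f" >> "$certdir/ca-bundle.pem"
        else
            echo "skipping end-entity certificate: $f" >&2
        fi
    done
}

# Two independent checks: what the JVM tooling sees in the store, and whether the
# CA set we kept really validates the server certificate (cert-0.pem).
verify_truststore() {
    store="$1"; storepass="$2"; certdir="$3"
    keytool -list -storetype PKCS12 -keystore "$store" -storepass "$storepass"
    openssl verify -CAfile "$certdir/ca-bundle.pem" "$certdir/cert-0.pem"
}

# Usage: ./ldaps-truststore.sh <ad-host> [port] [store-path]   (hypothetical script name)
if [ "$#" -ge 1 ]; then
    HOST="$1"; PORT="${2:-636}"
    STORE="${3:-/etc/cas/ldap-truststore.p12}"        # assumed location, not from the post
    STOREPASS="${TRUSTSTORE_PASS:?set TRUSTSTORE_PASS in the environment}"
    WORK=$(mktemp -d)
    fetch_chain "$HOST" "$PORT" > "$WORK/chain.pem"
    n=$(split_pem_chain "$WORK/chain.pem" "$WORK/certs")
    echo "server sent $n certificate(s)"
    build_truststore "$WORK/certs" "$STORE" "$STOREPASS"
    verify_truststore "$STORE" "$STOREPASS" "$WORK/certs"
fi
```

Run it once at image build time (for example from a `RUN` step, with the AD host name rather than its IP so `-servername` and later hostname checks line up) and point the application's trust configuration at the resulting store. If `openssl verify` fails here, the problem is the chain itself, for instance an intermediate the server does not send, and no amount of importing will make the JVM accept it.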