PWM Certificate Issue
3,448 views
Skip to first unread message
Anthony Hoppe
Dec 17, 2015, 6:02:33 PM12/17/15
to pwm-general
I've had PWM up and running for a while now. The certificate for the Active Directory domain controller PWM references is not slated to expire until January 27th 2016. However, I'm suddenly getting the following error:
event: Fatal Event
instanceID: 9BF65BC0E6870D17
timestamp: Thu Dec 17 14:51:59 PST 2015
level: FATAL
actor:
date: Thu Dec 17 14:51:59 PST 2015
source:
topic: password.pwm.PwmApplication
message: check ldap proxy settings: 5017 ERROR_DIRECTORY_UNAVAILABLE ( error connecting as proxy user: unable to create connection: unable to connect to any configured ldap url, last error: unable to bind to ldaps://dc.domain.com:636 as cn=System Access,cn=users,dc=domain,dc=com reason: CommunicationException (dc.domain.com:636; java.security.cert.CertificateException: server certificate {subject=CN=dc.domain.com} does not match a certificate in the configuration trust store.))
instanceID: 9BF65BC0E6870D17
timestamp: Thu Dec 17 14:51:59 PST 2015
level: FATAL
actor:
date: Thu Dec 17 14:51:59 PST 2015
source:
topic: password.pwm.PwmApplication
message: check ldap proxy settings: 5017 ERROR_DIRECTORY_UNAVAILABLE ( error connecting as proxy user: unable to create connection: unable to connect to any configured ldap url, last error: unable to bind to ldaps://dc.domain.com:636 as cn=System Access,cn=users,dc=domain,dc=com reason: CommunicationException (dc.domain.com:636; java.security.cert.CertificateException: server certificate {subject=CN=dc.domain.com} does not match a certificate in the configuration trust store.))
Because I cannot log in, I can't seem to access the Configuration Manager. 1) How can I access the Configuration Manager when PWM cannot connect to the directory serer? and 2) any advice on the above error?
Thanks!!
Anthony Hoppe
Dec 17, 2015, 7:09:24 PM12/17/15
to pwm-general
Well, turns out the date I had for the certificate expiration was wrong. Looks like it expired today. Whoops!
I was able to edit the PWM config to gain access to the Configuration Manager. Renewing the certificate then removing and re-importing resolved the problem. :-)
sandye...@gmail.com
Feb 19, 2016, 4:18:07 PM2/19/16
to pwm-general
On Thursday, December 17, 2015 at 3:02:33 PM UTC-8, Anthony Hoppe wrote:
Anthony Hoppe
Feb 25, 2016, 5:15:26 PM2/25/16
to pwm-general
I edited the following file:
/opt/apache-tomcat-7.0.57/webapps/pwm/WEB-INF/PwmConfiguration.xml
I changed the property configIsEditable from false to true.
Sorry for the late response. Hopefully this helps!
From: sandye...@gmail.com
To: "pwm-general" <pwm-g...@googlegroups.com>
Sent: Friday, February 19, 2016 1:18:07 PM
Subject: [pwm-general] Re: PWM Certificate Issue
To: "pwm-general" <pwm-g...@googlegroups.com>
Sent: Friday, February 19, 2016 1:18:07 PM
Subject: [pwm-general] Re: PWM Certificate Issue
--
You received this message because you are subscribed to a topic in the Google Groups "pwm-general" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pwm-general/5p0WM1F9Feg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to pwm-general...@googlegroups.com.
To post to this group, send email to pwm-g...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/f264f754-8759-4ace-9c3c-f5de75764c6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to a topic in the Google Groups "pwm-general" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pwm-general/5p0WM1F9Feg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to pwm-general...@googlegroups.com.
To post to this group, send email to pwm-g...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/f264f754-8759-4ace-9c3c-f5de75764c6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Sandyeggo Blue
Feb 25, 2016, 9:07:19 PM2/25/16
to pwm-g...@googlegroups.com
no worries on the late response. I figured it out. it was exactly what you did.
thanks again!
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/1581349383.1600255.1456438524083.JavaMail.zimbra%40sjcourts.org.
Reply all
Reply to author
Forward
0 new messages