question about keystore, error unable to connect ldaps...


Antonio Peña Díaz

Jun 5, 2023, 6:14:41 AM
to pwm-general
Hi community

In the first days of May I was using version 2.0.4 and everything worked fine.
After that I upgraded to 2.0.5, and when I tested it the container still worked OK,
including entering the configuration, but I only tested it in a quick way. I saw everything was fine until now.

This morning we were receiving this error:

5017 ERROR_DIRECTORY_UNAVAILABLE (error connecting as proxy user: unable to create connection: unable to connect to any configured ldap url, last error: unable to bind to ldaps:

So, the keystore somehow hasn't got the certificate. Maybe because it was working from cache for some time until today? Why did the keystore not show this error when I upgraded?
How does the keystore work in this case? I tried to verify its internal content with cat /root/.pwm-workpath/work-pwm-8443/keystore, but I see it is binary and unreadable, so I can't see the difference before and after.

So to solve the issue I had to change the configuration from FALSE to TRUE to be able to access the PWM configuration and skip authentication, and reimport the certificates, and then change the configuration mode back from TRUE to FALSE. Now everything is working fine.

INFO , pwm.PwmApplication, successfully exported application https key to keystore file /root/.pwm-workpath/work-pwm-8443/keystore

What could have happened in this case?
I must say the keystore isn't in my configuration dir as persistent. Do I have to make it persistent to avoid this issue in the next upgrades? I'm using PWM with a Docker container.

Thanks in advance for the clarification.

Jason Rivard

Jun 7, 2023, 7:22:21 AM
to pwm-general
Trusted certificates are stored in the PwmConfiguration.xml. The Java keystore in the work path is generated dynamically and is only used for the HTTPS Tomcat certificate, which is also stored in the PwmConfiguration.xml.

Andrii Malyi

Feb 21, 2024, 6:07:02 PM
to pwm-general
Hi.

As I can see in the PwmConfiguration.xml, there are the fullchain + key in the "https.server.cert" part.
Is the key encrypted or encoded somehow? Can I update the certificates and the key manually in the config?