Brandon McCombs
I have a Java app that uses JNDI to talk to Active Directory through
LDAP. In order to set passwords ADS requires an SSL connection. At one
point I had this working but part of the virtual machine that I have
Active Directory running in got corrupted and I had to redo the
certificates and since then I can't get an SSL connection to be
established using my app.
The error is javax.naming.CommunicationException: simple bind failed:
192.168.15.129:636 [Root exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: signature check failed]
I'm not quite sure what this means (not sure why Sun thinks I should
know). I documented that I need to export the CA certificate from ADS
and so I did that again. It also seems I had created a user certificate
for the administrator (the user I'm testing my app with) so I redid the
user cert. I've put both of those certs into my keystore and I'm
specifying the keystore and the keystore password in my code. The code
hasn't changed as far as SSL is concerned. However, I have changed the
format of the username that I have my app use to authenticate users. I
used to use just "administrator" but I changed it to
"(e-mail address removed)". I'm not sure how that affects anything
since the domain is still okay (I only had to reinstall Cert Services to
create a new CA cert and then create a new user cert).
Any ideas on how to go about diagnosing this?
thanks
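
Added example, not part of the original post: "signature check failed" during PKIX validation means a certificate's signature did not verify under the public key of the issuer certificate it was checked against, which can happen when a CA is re-created under the same name with a new key. The program below (the class name LdapsTrustCheck and its four command-line arguments are assumptions) captures the chain the LDAPS server presents and tests it against each same-named certificate in the keystore.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;
public class LdapsTrustCheck {
    // Assumed arguments: host, port, keystore path, keystore password.
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[2])) {
            ks.load(in, args[3].toCharArray());
        }
        // Record the chain the server presents, then reject it, so this
        // probe never trusts the peer and never sends LDAP data.
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager capture = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) {}
            public void checkServerTrusted(X509Certificate[] c, String a)
                    throws CertificateException {
                seen[0] = c;
                throw new CertificateException("chain captured");
            }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { capture }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            s.startHandshake();
        } catch (SSLException expected) { /* thrown by the capture step above */ }
        if (seen[0] == null) throw new IllegalStateException("no server chain received");
        X509Certificate top = seen[0][seen[0].length - 1];
        System.out.println("Top of server chain issued by: " + top.getIssuerX500Principal());
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) c;
            if (!ca.getSubjectX500Principal().equals(top.getIssuerX500Principal())) continue;
            try {
                top.verify(ca.getPublicKey());
                System.out.println(alias + ": name and key match");
            } catch (Exception e) {
                System.out.println(alias + ": same name, signature does not verify: " + e);
            }
        }
    }
}
```

If no alias is printed at all, the keystore holds no certificate whose subject matches the issuer the server's chain names.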