DevTest IAM LDAPS Error:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Article ID: 129536
Updated On:
Products
CA Application Test
CA Continuous Application Insight (PathFinder)
Issue/Introduction
Calling LDAPS from DevTest IAM and getting this error when Testing Authentication:
2019-03-01 15:50:45,443 ERROR [org.keycloak.services] (default task-56) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: cscrotld.keybank.com:636: javax.naming.CommunicationException: simple bind failed: cscrotld.keybank.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2019-03-01 15:50:45,443 ERROR [org.keycloak.services] (default task-56) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: cscrotld.keybank.com:636: javax.naming.CommunicationException: simple bind failed: cscrotld.keybank.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Cause
The IAM iam-truststore.ks does not have the needed certificates from the LDAPS server.
Environment
DevTest 10.3.0 and later.
Resolution
Import the LDAPS server certificates in the iam-truststore.ks located in folder DEVTEST_HOME/IdentityAccessManager.
! Important Note ! : Please make sure that along with server certificate, all the intermediate certificates along with Root CA certificate which are part of the certificate chain are imported in the iam trust store.
Restart IAM.
Feedback
Yes
No
Powered by
