DevTest IAM LDAPS Error:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

book

Article ID: 129536

calendar_today

Updated On:

Products

CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder)

Issue/Introduction

Calling LDAPS from DevTest IAM and getting this error when Testing Authentication:

2019-03-01 15:50:45,443 ERROR [org.keycloak.services] (default task-56) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: cscrotld.keybank.com:636: javax.naming.CommunicationException: simple bind failed: cscrotld.keybank.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

 

Cause

The IAM iam-truststore.ks does not have the needed certificates from the LDAPS server.

Environment

DevTest 10.3.0 and later.

Resolution

Import the LDAPS server certificates in the iam-truststore.ks located in folder DEVTEST_HOME/IdentityAccessManager.


! Important Note ! : Please make sure that along with server certificate, all the intermediate certificates along with Root CA certificate which are part of the certificate chain are imported in the iam trust store.

Restart IAM.