DevTest IAM LDAPS Error:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Article ID: 129536
CA Application TestCA Continuous Application Insight (PathFinder)
Calling LDAPS from DevTest IAM and getting this error when Testing Authentication:
2019-03-01 15:50:45,443 ERROR [org.keycloak.services] (default task-56) KC-SERVICES0055: Error when authenticating to LDAP: simple bind failed: cscrotld.keybank.com:636: javax.naming.CommunicationException: simple bind failed: cscrotld.keybank.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
The IAM iam-truststore.ks does not have the needed certificates from the LDAPS server.
DevTest 10.3.0 and later.
Import the LDAPS server certificates in the iam-truststore.ks located in folder DEVTEST_HOME/IdentityAccessManager.
! Important Note ! : Please make sure that along with server certificate, all the intermediate certificates along with Root CA certificate which are part of the certificate chain are imported in the iam trust store.