Error: "A problem occured while attempting to talk to one of the directories"

Article ID: 158376

Products

Security Information Manager

Issue/Introduction

You are using signed CA certificates and attempting to configure directory replication with SSIM 4.8.1 appliances.

Full error message:

Starting replication process
----------------------------
Opening master directory connection
Configuring NSS provider
A problem occured while attempting to talk to one of the directories
netscape.ldap.LDAPException: sun.security.validator.ValidatorException: No trusted certificate found (91)
at com.symantec.cas.tools.replicate.security.LDAPSSLSocketFactory.makeSocket(LDAPSSLSocketFactory.java:136)
at com.symantec.cas.tools.replicate.security.LDAPSSLSocketFactory.makeSocket(LDAPSSLSocketFactory.java:71)
at netscape.ldap.LDAPConnSetupMgr.connectServer(LDAPConnSetupMgr.java:509)
at netscape.ldap.LDAPConnSetupMgr.openSerial(LDAPConnSetupMgr.java:435)
at netscape.ldap.LDAPConnSetupMgr.connect(LDAPConnSetupMgr.java:274)
at netscape.ldap.LDAPConnSetupMgr.access$000(LDAPConnSetupMgr.java:44)
at netscape.ldap.LDAPConnSetupMgr$1.run(LDAPConnSetupMgr.java:208)
at java.lang.Thread.run(Unknown Source)
C:\dirreplicatool>

Resolution

Add the CA certificate to the local Java keystore on the Windows computer you are using to set up replication. Use keytool as follows:

Click Start > Run.
In the Open text box, type cmd and click OK.
Change to the \jre\bin directory of the Java installation.
By default this is C:\Program Files\<where java is installed>\jre\bin
Run the command:

keytool.exe -importcert -trustcacerts -alias <cert-alias-name> -file <Location of exported certificate file> -keystore "C:\Program Files\<where your java is installed>\jre\lib\security\cacerts" -storepass changeit

Note: The <cert-alias-name> can be anything you want.
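
An added example, not part of the original article: a PowerShell wrapper around the same keytool import. It first compares the certificate's SHA-256 fingerprint with a value obtained separately from the CA administrator, then confirms the new entry. The script and its parameter names are assumptions; run it from an elevated prompt, because the keystore is under Program Files.

```powershell
param(
    [Parameter(Mandatory)] [string] $JreHome,        # the ...\jre directory from the steps above
    [Parameter(Mandatory)] [string] $CertFile,       # exported CA certificate file
    [Parameter(Mandatory)] [string] $Alias,          # <cert-alias-name>
    [Parameter(Mandatory)] [string] $ExpectedSha256, # fingerprint supplied out of band by the CA administrator
    [string] $StorePass = 'changeit'                 # password used in the article's command
)

$keytool  = Join-Path $JreHome 'bin\keytool.exe'
$keystore = Join-Path $JreHome 'lib\security\cacerts'
foreach ($path in $keytool, $keystore, $CertFile) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Not found: $path" }
}

# Compute the SHA-256 fingerprint with .NET so the check does not depend on
# the output format of a particular keytool version.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertFile
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = ([BitConverter]::ToString($sha256.ComputeHash($cert.RawData))) -replace '-', ''
$wanted = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

Write-Host "Subject : $($cert.Subject)"
Write-Host "Expires : $($cert.NotAfter)"
Write-Host "SHA-256 : $actual"
if ($actual -ne $wanted) {
    throw "Fingerprint mismatch: refusing to add this certificate to $keystore"
}

# Refuse to overwrite or duplicate an alias that is already in the keystore.
& $keytool -list -keystore $keystore -storepass $StorePass -alias $Alias *> $null
if ($LASTEXITCODE -eq 0) { throw "Alias '$Alias' already exists in $keystore" }

# Same import as the article's command; -noprompt is safe here because the
# fingerprint was already checked above.
& $keytool -importcert -trustcacerts -noprompt -alias $Alias -file $CertFile `
    -keystore $keystore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE" }

# Show the stored entry so the fingerprint can be compared once more.
& $keytool -list -v -keystore $keystore -storepass $StorePass -alias $Alias
```

A CA added to cacerts is trusted by every Java program that uses that JRE, so the import only helps if `$JreHome` is the JRE the replication tool actually runs with.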