Why is Insecure LDAP working but Secure LDAP Fails?

Article ID: 169588

Products

Management Center

Issue/Introduction

When I enable secure LDAP, I am unable to successfully authenticate to the Management Console.

Authentication Failed in the GUI

[2017-06-05 18:04:16.589] WARN  http-bio-8082-exec-1         com.bluecoat.cm.security.internal.ProxyAuthenticator Unable to contact authentication provider Primary AD,simple bind failed: <LDAPIP>:636; nested exception is javax.naming.CommunicationException: simple bind failed: <LDAPIP>:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] 

Cause

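Management Center must trust the certificate provided by the LDAP server. The "PKIX path building failed" error in the log means the TLS handshake on port 636 was rejected because Management Center could not build a chain from the LDAP server's certificate to a certificate it trusts.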
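To confirm from the log that a failed secure bind is this trust problem and not a credential or connectivity problem, the following added example (not part of the original article or the product) parses the warning shown above. The function name `triage`, the cause labels, and every rule other than the PKIX one are assumptions that go beyond the article, based on standard Java exception text; the second sample line is constructed.

```python
import re

# Warning copied from the article (runs of spaces collapsed); <LDAPIP> is its placeholder.
ARTICLE_LINE = (
    "[2017-06-05 18:04:16.589] WARN http-bio-8082-exec-1 "
    "com.bluecoat.cm.security.internal.ProxyAuthenticator Unable to contact "
    "authentication provider Primary AD,simple bind failed: <LDAPIP>:636; nested "
    "exception is javax.naming.CommunicationException: simple bind failed: "
    "<LDAPIP>:636 [Root exception is javax.net.ssl.SSLHandshakeException: "
    "sun.security.validator.ValidatorException: PKIX path building failed: "
    "sun.security.provider.certpath.SunCertPathBuilderException: unable to find "
    "valid certification path to requested target]"
)
# Constructed line (not from the article): same shape, different root cause.
CONSTRUCTED_LINE = (
    "[2017-06-05 18:09:41.002] WARN http-bio-8082-exec-3 "
    "com.bluecoat.cm.security.internal.ProxyAuthenticator Unable to contact "
    "authentication provider Primary AD,simple bind failed: <LDAPIP>:636 "
    "[Root exception is java.net.ConnectException: Connection refused]"
)

PROVIDER = re.compile(r"authentication provider ([^,]+),")
ENDPOINT = re.compile(r"bind failed: ([^\s:;]+):(\d+)")
JAVA_EXC = re.compile(r"(?:[a-z]\w*\.)+[A-Z]\w*Exception")
# Ordered rules; only the first text is from the article, the rest are standard Java messages.
RULES = [
    ("PKIX path building failed", "untrusted-issuer"),  # fixed by the import in Resolution
    ("CertificateExpiredException", "expired-certificate"),
    ("No subject alternative", "hostname-mismatch"),
    ("Connection refused", "port-unreachable"),
]

def triage(line):
    """Summarise one ProxyAuthenticator warning: which provider, where, and why."""
    provider = PROVIDER.search(line)
    endpoint = ENDPOINT.search(line)
    chain = list(dict.fromkeys(JAVA_EXC.findall(line)))  # ordered, de-duplicated
    return {
        "provider": provider.group(1) if provider else None,
        "host": endpoint.group(1) if endpoint else None,
        "port": int(endpoint.group(2)) if endpoint else None,
        "innermost_exception": chain[-1] if chain else None,
        # An SSLHandshakeException means the bind never reached the credential
        # check, so the bind account and password are not the problem.
        "failed_in_tls_handshake": any(c.endswith("SSLHandshakeException") for c in chain),
        "cause": next((tag for text, tag in RULES if text in line), "unclassified"),
    }

if __name__ == "__main__":
    print(triage(ARTICLE_LINE), triage(CONSTRUCTED_LINE), sep="\n")
```

A result of `untrusted-issuer` with `failed_in_tls_handshake` set is the case this article resolves; any other cause needs a different fix than importing the certificate.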

Resolution

From the CLI  

MC#  enable
MC#  security ssl import external-certificate ?
-> Verify the URL format (FTP, SCP, HTTP or HTTPS), then enter the above command, replacing the ? with the URL.
-> You will then be prompted to add the certificate that was imported. Select Y.

Restart the Management Console via the CLI or GUI and test again.