Why is Insecure LDAP working but Secure LDAP Fails?
Article ID: 169588
Products
Management Center
Issue/Introduction
When I enable secure LDAP, I am unable to successfully authenticate to the Management Console.
The GUI reports "Authentication Failed", and the log shows:
[2017-06-05 18:04:16.589] WARN http-bio-8082-exec-1 com.bluecoat.cm.security.internal.ProxyAuthenticator Unable to contact authentication provider Primary AD,simple bind failed: <LDAPIP>:636; nested exception is javax.naming.CommunicationException: simple bind failed: <LDAPIP>:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Cause
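Management Center must trust the certificate provided by the LDAP server. The "PKIX path building failed" error in the log means Management Center could not build a valid certification path from that certificate to one it already trusts, so the TLS handshake on port 636 is aborted before the bind is attempted.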
Resolution
From the CLI
MC# enable
MC# security ssl import external-certificate ?
-> Verify the FTP, SCP, HTTP, or HTTPS URL formatting, then enter the above command again, replacing the ? with the URL.
-> You will then be prompted to add the certificate that was imported. Select Y.
Restart the Management Console via the CLI or GUI and test again.