Description:
Binding to the LDAP fails when attempting to test the LDAPS connection with the SSO utility with the following error message:
Could not obtain a DirectoryContext.
javax.naming.CommunicationException: simple bind failed: <ldap server name>:636 [Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Bind to the directory failed.
Solution:
- Make sure the certificate is imported into the correct Java keystore:
- Import the certificate into the Java Trusted Certificates keystore using the following command:
keytool -importcert -keystore installDirectory/jre/lib/security/cacerts -storepass cacertspasswd -alias alias -file filename.cer
keystore : The location of the keystore file (.ks).
cacertspasswd : Specifies the password for the cacerts keystore. Default: changeit
filename.cer : The filename of the certificate.
- Create a backup of the cacerts file.
- (Optional) For more security, change the password of the Java trusted certificates keystore using the following command:
keytool -storepasswd -keystore installDirectory/jre/lib/security/cacerts
You are prompted to provide the existing password and the new password.
- Verify that your imported certificate is available. Use the following command:
keytool -list -keystore installDirectory/jre/lib/security/cacerts
- Other JREs not installed by the product may cause conflicts with the keystore. If that is the case, uninstall the JREs that are not part of the product's installation.
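
To check for the JRE conflict described in the last step, the following added example (not part of the original article or the product) finds every lib/security/cacerts file under a directory and reports which ones contain the alias you imported. The function names, the STOREPASS variable and the search root are assumptions of this example.

```shell
#!/bin/sh
# Added example: find every JRE trust store under a directory and report
# which ones contain a given alias. Function names and STOREPASS are
# assumptions of this example, not part of the product.

# Print the path of every lib/security/cacerts file below root ($1).
find_cacerts() {
    find "$1" -type f -path '*/lib/security/cacerts' 2>/dev/null | sort
}

# Succeed if alias ($2) exists in keystore ($1). keytool exits non-zero
# when the alias is absent or the password is wrong.
has_alias() {
    keytool -list -keystore "$1" -storepass "${STOREPASS:-changeit}" \
        -alias "$2" >/dev/null 2>&1
}

# Print "present <path>" or "MISSING <path>" for each trust store.
# Returns 0 if all contain the alias, 1 if any does not, 2 if none found.
check_alias_everywhere() {
    missing=0
    list=$(find_cacerts "$1")
    if [ -z "$list" ]; then
        echo "no cacerts found under $1" >&2
        return 2
    fi
    while IFS= read -r ks; do
        if has_alias "$ks" "$2"; then
            echo "present $ks"
        else
            echo "MISSING $ks"
            missing=1
        fi
    done <<EOF
$list
EOF
    return "$missing"
}

# Usage: sh check_cacerts.sh <search-root> <alias>
if [ "$#" -ge 2 ]; then
    check_alias_everywhere "$1" "$2"
fi
```

A store reported as MISSING belongs to a JRE that does not hold the imported certificate under that alias, so confirm which JRE the SSO utility actually runs with before importing or uninstalling anything.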