Description:

Binding to the LDAP fails when attempting to test the LDAPS connection with the SSO utility with the following error message:

Could not obtain a DirectoryContext.
javax.naming.CommunicationException: simple bind failed: <ldap server name>:636 [Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find validcertification path to requested target]

Bind to the directory failed.

Solution:

1. Make sure the certificate is imported into the correct java keystore:
   
   
   1. Import the certificate into the Java Trusted Certificates keystore using the following command:
      
      keytool -importcert -keystore installDirectory/jre/ lib/security/cacerts -storepass cacertspasswd -alias alias -file filename.cer
      keystore : he location of the keystore file (.ks).
      cacertspasswd : Specifies the password for the cacerts keystore. Default: changeit
      filename.cer : The filename of the certificate.
      
      
   2. Create a backup of the cacerts file.
      
      
   3. (Optional) For more security, change the password of the java trusted
      
      certificates keystore using the following command:
      keytool -storepasswd -keystore installDirectory/ jre/lib/security/cacerts
      You are prompted to provide the existing password and the new password.
      
      
   4. Verify that your imported certificate is available. Use the following
      
      command:
      keytool -list -keystore
      
      
2. Other JRE's not installed by the product may cause conflicts with the keystore. If that is the case uninstall JRE's that are not part of the product's installation.