Description:

Binding to the LDAP fails when attempting to test the LDAPS connection with the SSO utility with the following error message:

Could not obtain a DirectoryContext.
javax.naming.CommunicationException: simple bind failed: <ldap server name>:636 [Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find validcertification path to requested target]

Bind to the directory failed.

Solution:

1. Make sure the certificate is imported into the correct java keystore:
   
   
   1. Import the certificate into the Java Trusted Certificates keystore using the following command:
      
      keytool -importcert -keystore installDirectory/jre/ lib/security/cacerts -storepass cacertspasswd -alias alias -file filename.cer
      keystore : he location of the keystore file (.ks).
      cacertspasswd : Specifies the password for the cacerts keystore. Default: changeit
      filename.cer : The filename of the certificate.
      
      
   2. Create a backup of the cacerts file.
      
      
   3. (Optional) For more security, change the password of the java trusted
      
      certificates keystore using the following command:
      keytool -storepasswd -keystore installDirectory/ jre/lib/security/cacerts
      You are prompted to provide the existing password and the new password.
      
      
   4. Verify that your imported certificate is available. Use the following
      
      command:
      keytool -list -keystore
      
      
2. Other JRE's not installed by the product may cause conflicts with the keystore. If that is the case uninstall JRE's that are not part of the product's installation.

Release: SAMCNH99000-9.2-NetQoS-SuperAgent-Management Console-Hardware
Component: