
LDAPS Just Stopped Working


Article ID: 189040


Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

Automic end users were suddenly unable to log in to the AWI and received the following errors:

U00045033 Log on to LDAP server '<ldaps servername>:636' with user '<username>'.
U00045014 Exception 'javax.naming.CommunicationException: "simple bind failed: <ldaps_servername>:636"' at 'com.sun.jndi.ldap.LdapClient.authenticate():219'.
U00045015 The previous error was caused by 'javax.net.ssl.SSLHandshakeException: "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"' at 'sun.security.ssl.Alerts.getSSLException():192'.
U00045015 The previous error was caused by 'sun.security.validator.ValidatorException: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"' at 'sun.security.validator.PKIXValidator.doBuild():387'.
U00045015 The previous error was caused by 'sun.security.provider.certpath.SunCertPathBuilderException: "unable to find valid certification path to requested target"' at 'sun.security.provider.certpath.SunCertPathBuilder.build():141'.
U00045040 LDAP check with logon user '<username>' failed.

The quotation marks may also appear in different places, as in this variant:
U00045033 Log on to LDAP server '<ldaps servername>' with user '<username>'.
U00045014 Exception 'javax.naming.CommunicationException: "<ldaps servername>:636"' at 'com.sun.jndi.ldap.Connection.<init>()
U00045015 The previous error was caused by 'javax.net.ssl.SSLHandshakeException: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"' at 'sun.security.ssl.Alert.createSSLException():131'.
U00045015 The previous error was caused by 'sun.security.validator.ValidatorException: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"' at 'sun.security.validator.PKIXValidator.doBuild():439'.
U00045015 The previous error was caused by 'sun.security.provider.certpath.SunCertPathBuilderException: "unable to find valid certification path to requested target"' at 'sun.security.provider.certpath.SunCertPathBuilder.build():141'.
U00045040 LDAP check with logon user 'KUL-DC\SRV_KULDC-ATM-PKULDC' failed.

Cause

The certificate used to bind to LDAPS was either expired or missing from the Java keystore.
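To recognize this failure in a log, the following added example (not Automic or Broadcom code) groups each U00045033 ... U00045040 block into one logon attempt and flags it when the "caused by" chain contains the PKIX path building failure, handling both quoting variants shown above. The function names and the sample log, built from the messages in this article, are assumptions for illustration.

```python
import re

LOGON = re.compile(r"^U00045033 Log on to LDAP server '(.+?)' with user '(.+?)'")
EXC = re.compile(r"^U0004501[45] .*?'([\w.$]+): \"(.*)\"' at ")

# Constructed sample: shortened copies of both message variants quoted in this article.
SAMPLE_LOG = """\
U00045033 Log on to LDAP server '<ldaps servername>:636' with user '<username>'.
U00045014 Exception 'javax.naming.CommunicationException: "simple bind failed: <ldaps servername>:636"' at 'com.sun.jndi.ldap.LdapClient.authenticate():219'.
U00045015 The previous error was caused by 'sun.security.provider.certpath.SunCertPathBuilderException: "unable to find valid certification path to requested target"' at 'sun.security.provider.certpath.SunCertPathBuilder.build():141'.
U00045040 LDAP check with logon user '<username>' failed.
U00045033 Log on to LDAP server '<ldaps servername>' with user '<username>'.
U00045014 Exception 'javax.naming.CommunicationException: "<ldaps servername>:636"' at 'com.sun.jndi.ldap.Connection.<init>()
U00045015 The previous error was caused by 'javax.net.ssl.SSLHandshakeException: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"' at 'sun.security.ssl.Alert.createSSLException():131'.
U00045040 LDAP check with logon user '<username>' failed.
"""

def parse_attempts(text):
    """Group each U00045033 ... U00045040 block into one failed logon attempt."""
    attempts, cur = [], None
    for line in text.splitlines():
        logon, exc = LOGON.match(line), EXC.match(line)
        if logon:
            host, _, port = logon.group(1).partition(":")  # port is optional in the message
            cur = {"server": host, "port": port or None, "user": logon.group(2), "chain": []}
        elif cur is None:
            continue  # ignore lines outside a logon block
        elif exc:
            cur["chain"].append((exc.group(1), exc.group(2)))  # (exception class, message)
        elif line.startswith("U00045040 "):
            attempts.append(cur)
            cur = None
    return attempts

def root_cause(attempt):
    """The last 'caused by' entry is the innermost exception of the chain."""
    return attempt["chain"][-1] if attempt["chain"] else (None, None)

def is_truststore_failure(attempt):
    """True when TLS failed because no trusted path to the server certificate was found."""
    return any(cls.endswith("SunCertPathBuilderException") or "PKIX path building failed" in msg
               for cls, msg in attempt["chain"])
```
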

Environment

Release : 12.3

Component : AUTOMATION ENGINE

Resolution

The Automic administrator imported the certificate into the Java keystore (cacerts) that Automic was using.

Example: keytool -import -keystore cacerts -file <certificate>.cer -alias automicldaps

Once the certificate was imported, the issue was resolved.