search cancel

LDAPS Just Stopped Working

book

Article ID: 189040

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

Automic End-Users all of a sudden couldn't log into the AWI and were getting the following errors:

U00045033 Log on to LDAP server '<ldaps servername>:636' with user '<username>'.
U00045014 Exception 'javax.naming.CommunicationException: "simple bind failed: <ldaps_servername>:636"' at 'com.sun.jndi.ldap.LdapClient.authenticate():219'.
U00045015 The previous error was caused by 'javax.net.ssl.SSLHandshakeException: "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"' at 'sun.security.ssl.Alerts.getSSLException():192'.
U00045015 The previous error was caused by 'sun.security.validator.ValidatorException: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"' at 'sun.security.validator.PKIXValidator.doBuild():387'.
U00045015 The previous error was caused by 'sun.security.provider.certpath.SunCertPathBuilderException: "unable to find valid certification path to requested target"' at 'sun.security.provider.certpath.SunCertPathBuilder.build():141'.
U00045040 LDAP check with logon user '<username>' failed.

The quotation marks may also be in different place as such:
U00045033 Log on to LDAP server '<ldaps servername>' with user '<username>'.
U00045014 Exception 'javax.naming.CommunicationException: "<ldaps servername>:636"' at 'com.sun.jndi.ldap.Connection.<init>()
U00045015 The previous error was caused by 'javax.net.ssl.SSLHandshakeException: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"' at 'sun.security.ssl.Alert.createSSLException():131'.
U00045015 The previous error was caused by 'sun.security.validator.ValidatorException: "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"' at 'sun.security.validator.PKIXValidator.doBuild():439'.
U00045015 The previous error was caused by 'sun.security.provider.certpath.SunCertPathBuilderException: "unable to find valid certification path to requested target"' at 'sun.security.provider.certpath.SunCertPathBuilder.build():141'.
U00045040 LDAP check with logon user 'KUL-DC\SRV_KULDC-ATM-PKULDC' failed.

Environment

Release : 12.3

Component : AUTOMATION ENGINE

Cause

Certificate to bind to LDAPS was either expired or missing in the Java keystore.

Resolution

Automic Admin imported the certificate into the Java Keystore (cacerts) that Automic was using.

Example:  keytool -import -keystore cacerts -file <certificate>.cer - alias automicldaps 

Once imported the issue was resolved.