Impossible to login with LDAP user "java.security.cert.CertificateExpiredException"

book

Article ID: 196544

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

It is impossible to login via AWI to the AE using a LDAP user, the JWP log contains the following error: 

U00045014 Exception 'javax.naming.CommunicationException: "domain.com:636"' at 'com.sun.jndi.ldap.Connection.()'.
U00045015 The previous error was caused by 'java.security.cert.CertificateExpiredException: "NotAfter: Fri Jul 31 19:09:12 UTC 2020"' at 'sun.security.x509.CertificateValidity.valid()'.
U00045040 LDAP check with logon user 'DOMAIN\USER' failed.

Cause

Incorrect (expired) certificate had been imported into one of the LDAP servers for test reasons

 

Environment

Release : 12.x

Component : AUTOMATION ENGINE

Resolution

In order to fix the issue, contact your System / LDAP Server Administrators and ask them to verify the Certificates validity and fix / update the expired certificate. 

To do so, you should do the following kind of commands if using the Java default keystore (cacerts):

     
  • java -jar /pathtoyourae_bin_folder/ucsrvjp.jar -installcert yourldapserver:636
  • stop / start JWP via AWI or Service Manager Dialog

After having renewed this certificate the LDAP login will work fine again.

 

Additional Information

As a workaround, you can move to LDAP instead of LDAPS by replacing in the UC_LDAP_DOMAIN the port 636 by 389 and TLS set to N instead of Y.

Once the certificates are imported, you can set back to port 636 and TLS to Y as explained here

Powered by Wolken Software