Can't connect to a LDAPS Server

Article ID: 215701

Products

CA Release Automation - Release Operations Center (Nolio)

Issue/Introduction

Adding a secondary SSL-enabled LDAP server to Release Automation through the ROC console fails with the PKIX exception below.

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

Environment

Release : 6.6

Component : CA RELEASE AUTOMATION

Cause

Whenever Java attempts to connect to another application over SSL (such as LDAPS), it can connect only if it trusts that application. Java handles trust through a keystore (typically $JAVA_HOME/lib/security/cacerts), also known as the truststore.

This problem is therefore caused by a certificate that is not present in the Java truststore. Java does not trust the certificate and fails to connect to the application.

Resolution

The exception below indicates that Java is unable to find a valid certification path to the requested target.

Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

Import the LDAP SSL certificate into the "cacerts" file (required if a secured connection has been configured). This file is stored in the RA_HOME/jre/lib/security folder.

Note: Take a backup of the cacerts file before performing the steps below.

Once the LDAP SSL certificate has been imported, perform the steps below:
* ./nolio_server.sh stop 
* Restore or update the Keystore cacerts file in RA_HOME/jre/lib/security folder.
* ./nolio_server.sh start
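
The backup and import described above, as an added example that is not part of the original article or the product's own tooling. The default RA_HOME path, the bundled keytool location, the alias, the PEM file name and the stock truststore password "changeit" are assumptions to adjust for your installation.

```shell
#!/usr/bin/env bash
# Added example: back up the Release Automation truststore, then import an
# LDAPS certificate into it with keytool.
RA_HOME="${RA_HOME:-/opt/ra}"                          # assumption: install dir
TRUSTSTORE="${TRUSTSTORE:-$RA_HOME/jre/lib/security/cacerts}"
KEYTOOL="${KEYTOOL:-$RA_HOME/jre/bin/keytool}"         # assumption: bundled JRE
STOREPASS="${STOREPASS:-changeit}"                     # assumption: stock password

# Copy the truststore to a timestamped backup and print the backup path.
backup_truststore() {
    local store="$1" backup
    [ -f "$store" ] || { echo "truststore not found: $store" >&2; return 1; }
    backup="$store.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$store" "$backup" && echo "$backup"
}

# Import certificate file $1 under alias $2 into truststore $3.
# Returns 2 on bad arguments, 1 if the backup fails, 3 if keytool fails.
import_ldaps_cert() {
    local cert="$1" alias="$2" store="${3:-$TRUSTSTORE}"
    [ -s "$cert" ] || { echo "certificate file missing or empty: $cert" >&2; return 2; }
    [ -n "$alias" ] || { echo "alias is required" >&2; return 2; }
    backup_truststore "$store" >/dev/null || return 1
    # Without -noprompt, keytool prints the certificate and asks for
    # confirmation: compare the fingerprint with the value supplied by the
    # LDAP administrator before answering yes.
    "$KEYTOOL" -importcert -alias "$alias" -file "$cert" \
        -keystore "$store" -storepass "$STOREPASS" || return 3
    # Confirm the new entry is present in the truststore.
    "$KEYTOOL" -list -alias "$alias" -keystore "$store" -storepass "$STOREPASS" || return 3
}

# Usage (hypothetical file name and alias):
#   import_ldaps_cert /tmp/ldaps-server.pem ldaps-secondary
```

After a successful import, restart the server with nolio_server.sh as in the steps above so the JVM reloads the truststore.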