search cancel

Cannot write application data until initial handshake completed LDAPS error

book

Article ID: 257089

calendar_today

Updated On:

Products

Management Center - VA Management Center

Issue/Introduction

The following error is encountered when testing the LDAPS (Lightweight Directory Access Protocol over SSL) connectivity on Management Center.

Test failed, "Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException [Root exception is java.lang.IllegalStateException: Cannot write application data until initial handshake completed.]"

 

This error may occur with the LDAP or Active Directory LDAP configurations when using secure LDAP.

Cause

This error is presented when the SSL handshake does not complete successfully.

One common cause is due to Management Center not trusting the SSL certificate that was presented by the LDAPS server.

Resolution

Install the Root CA certificate on Management Center through the CLI (command line interface) and add it to the browser-trusted CCL (CA certificate list).

 

For example,

MgmtCtr(config)# ssl inline ca-certificate LDAPS_Root_CA
Enter the certificate below and end it with a Ctrl-D
-----BEGIN CERTIFICATE-----
MIIDczCCAlugAwIBAgIQXvxvCKkFyJRKdJFjTkIEJjANBgkqhkiG9w0BAQsFADBM
...
8lyX0HtwfHrIyW3UOB8R5A/a7b+fqD0=
-----END CERTIFICATE-----

  ok
MgmtCtr(config)# ssl edit ccl browser-trusted add LDAPS_Root_CA
  ok

 

The administrator should also ensure the SSL certificate has a valid SAN (Subject Alternative Name) entry for the IP or hostname that was entered as the LDAPS host URL.

Attachments