NetOps Portal LDAP access failures post LDAP SSL certificate import

Article ID: 257160

Products

CA Performance Management - Usage and Administration, DX NetOps

Issue/Introduction

After setting up and enabling LDAPS on the DX NetOps Performance Management Portal web server, the Test LDAP checks in SsoConfig fail with the following errors:

Could not obtain a DirectoryContext.
javax.naming.CommunicationException: simple bind failed: <LDAPHost>:636 [Root exception is javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching <LDAPHost> found.]
Bind to the directory failed.

Environment

All supported DX NetOps Performance Management Portal web server releases

Cause

The configured Search Domain value does not use a name that is defined as a Subject Alternative Name (SubjectAlternativeName or SAN) in the LDAP server's SSL certificate.

Resolution

Ensure the Search Domain value set in SsoConfig for LDAP uses a name that is listed as a SAN in the LDAP server's certificate.

Additional Information

To list the SAN entries of the imported SSL certificate, use the following command. Default paths are shown. Replace <alias> with the certificate alias name used when importing the certificate. Replace <cacertspassword> with the correct password, which is 'changeit' by default.

  • keytool -list -v -alias <alias> -keystore /opt/CA/jre/lib/security/cacerts -storepass <cacertspassword>
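
One way to check a candidate Search Domain host name against the certificate's SAN entries before running Test LDAP, as an added example that is not part of the original article or the product's tooling. The certificate excerpt, host names and function names are constructed for illustration; the matching is a simplified form of the JRE host name check and covers DNSName entries only.

```shell
# Constructed excerpt of `keytool -list -v` output (hypothetical names).
sample_keytool_output() {
    cat <<'EOF'
Alias name: ldapcert
Owner: CN=ldap-old.corp.example
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: ldap01.corp.example
  DNSName: *.dir.corp.example
  IPAddress: 192.0.2.10
]
EOF
}

# Print the DNSName entries of the SAN extension, lower-cased, one per line.
san_dns_names() {
    awk '
        /^SubjectAlternativeName \[/ { in_san = 1; next }
        in_san && /^\]/              { in_san = 0 }
        in_san && $1 == "DNSName:"   { print tolower($2) }
    '
}

# Return 0 if host $1 matches a DNSName read from stdin (case-insensitive).
# A wildcard entry (*.example) covers exactly one left-most label.
host_in_san() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r name; do
        case "$name" in
            \*.*)
                suffix=${name#\*}           # e.g. ".dir.corp.example"
                label=${host%"$suffix"}     # what the wildcard would cover
                if [ "$label" != "$host" ] && [ -n "$label" ]; then
                    case "$label" in *.*) ;; *) return 0 ;; esac
                fi ;;
            *)  if [ "$name" = "$host" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# keytool output on stdin; $1 is the host name used in the Search Domain value.
check_search_domain_host() { san_dns_names | host_in_san "$1"; }

# The short name and the CN-only name are rejected: when DNSName entries exist,
# the CN in Owner is not consulted.
for h in ldap01.corp.example ldap01 ldap-old.corp.example; do
    if sample_keytool_output | check_search_domain_host "$h"
    then echo "$h: listed as SAN"
    else echo "$h: no matching SAN DNS name"; fi
done
```

On the Portal host, pipe the output of the keytool command above into check_search_domain_host <LDAPHost> in place of the sample data.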