In SPE Console 9.1, when trying to add a new SPE Server using LDAP and SSL authentication, the following error is returned:
"Failed to add following server(s): server name. Reason: Authentication failed due to invalid credentials"
SPE Console 9.1 with SPE for NAS or Cloud Services version 9.1
"SPE_REST_API.log" contains the following error:
ERROR spe.authentication.security.CustomLdapAuthenticationProvider:97 - CustomLdapAuthenticationProvider - authentication failed due to invalid credentials.
Exception: org.springframework.ldap.PartialResultException: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: simple bind failed: XXXXX:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching XXXX found.]]
This error occurs when neither the certificate common name (CN in the certificate Subject) nor any of the alternative names (Subject Alternative Name in the certificate) matches the target host name or IP address.
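To see which certificate names are compared with the host name or IP address entered in the console, the added example below (not Symantec code) applies the usual TLS name-matching rules to a certificate decoded in the layout of Python's ssl.SSLSocket.getpeercert(). It assumes that DNS SAN entries, when present, take precedence over the CN; the certificate and host names are constructed samples.

```python
import ipaddress

def _dns_match(pattern, host):
    """Compare one certificate DNS name with the host name.
    A '*' is honoured only as the entire left-most label and covers one label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    first, _, rest = h.partition(".")
    return bool(first) and rest == p[2:]

def check_target(cert, target):
    """Return (matches, reason) for a target host name or IP address.
    cert uses the dict layout of ssl.SSLSocket.getpeercert()."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target can only match an IP Address SAN entry, never a DNS name.
        ips = [v for k, v in sans if k == "IP Address"]
        ok = any(ipaddress.ip_address(v) == ip for v in ips)
        return ok, f"IP Address SANs checked: {ips}"
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        # Assumption: once DNS SANs exist they decide the result; the CN is not consulted.
        ok = any(_dns_match(d, target) for d in dns)
        return ok, f"DNS SANs checked: {dns}"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(c, target) for c in cns), f"no DNS SAN, CN checked: {cns}"

# Constructed sample: certificate issued to the directory server's own name.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "*.ldap.corp.example")),
}

if __name__ == "__main__":
    for name in ("dc01.corp.example", "ldap.corp.example", "10.0.0.5"):
        print(name, check_target(SAMPLE_CERT, name))
```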
The issue will be proactively fixed in SPE Console 9.2. Until the new version is available, the following workaround can be used in SPE Console 9.1:
Steps to deploy the hotfix:
1. Browse to the SPE installation directory and go to the REST API folder.
For Windows, the default installation directory is: C:\Program Files\Symantec\Scan Engine\RestAPI\
Take a backup of the existing "sperestapi.jar", then replace it with the attached hotfix for "sperestapi.jar".
2. In the same RestAPI folder, open the application.Properties file and add the line below:
sperestapi.ldap.certificate.validation.san.disable.property.value=true
Save and close the file.
3. Restart the SPE REST API service.