LDAP - Unable to find valid SSL Certificate
If there is an error while adding LDAP Server Monitor with the message "Unable to find valid SSL Certificate", then please try the below steps to troubleshoot the issue.
When the error occurs we can find the below traces in the "stderr.txt.*" log file:
[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
- Import the SSL certificate of the LDAP into Applications Manager's Truststore.truststore
- Execute the following command:
<APM_Home>/working/jre/bin/keytool -import -keystore <APM_Home>/working/conf/Truststore.truststore -storepass appmanager -trustcacerts -alias <alias_name> -file <ldap_certificate_file_path>
- <APM_Home> - Applications Manager installed home directory
- <alias_name> - Provide an alias name for the LDAP certificate
- <ldap_certificate_file_path> - Provide absolute path to the LDAP certificate
- appmanager - This is the password for the LDAP certificate. Ensure that you do not change the password.
If the issue occurs even after importing the certificates
- Use the option Admin --> Tools --> Manage Certificates --> Trust Certificates to list the aliases which are already imported and check if it is properly imported.
- Note: This option will work only on Managed Servers and Professional Edition, not on Admin Servers. Refer here for more details.
- Check if all the certificates including Root SSL Certificate, Intermediate SSL Certificate, and Leaf SSL Certificate are imported properly into the Applications Manager's Truststore.truststore
- If any of them are not imported, then try importing the missed one and then check the issue
If the issue still exists even after trying the above steps, then reach the Applications Support with the below details:
- The screenshot of the imported certificate details (using the option mentioned above).
- The screenshot of the error received in the Applications Manager console.
- SIF after reproducing the issue for analysis.
New to ADSelfService Plus?