LDAP - Unable to find valid SSL Certificate

LDAP - Unable to find valid SSL Certificate

If there is an error while adding LDAP Server Monitor with the message "Unable to find valid SSL Certificate", then please try the below steps to troubleshoot the issue.
When the error occurs we can find the below traces in the "stderr.txt.*" log file:

[Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
  1. Import the SSL certificate of the LDAP into Applications Manager's Truststore.truststore
    1. Execute the following command:
      <APM_Home>/working/jre/bin/keytool -import -keystore <APM_Home>/working/conf/Truststore.truststore -storepass appmanager -trustcacerts -alias <alias_name> -file <ldap_certificate_file_path>
      1. <APM_Home> - Applications Manager installed home directory
      2. <alias_name> - Provide an alias name for the LDAP certificate
      3. <ldap_certificate_file_path> - Provide absolute path to the LDAP certificate
      4. appmanager - This is the password for the LDAP certificate. Ensure that you do not change the password.

If the issue occurs even after importing the certificates
  1. Use the option Admin --> Tools --> Manage Certificates --> Trust Certificates to list the aliases which are already imported and check if it is properly imported.
    1. Note: This option will work only on Managed Servers and Professional Edition, not on Admin Servers. Refer here for more details.
  2. Check if all the certificates including Root SSL Certificate, Intermediate SSL Certificate, and Leaf SSL Certificate are imported properly into the Applications Manager's Truststore.truststore
    1. If any of them are not imported, then try importing the missed one and then check the issue

If the issue still exists even after trying the above steps, then reach the Applications Support with the below details:
  1. The screenshot of the imported certificate details (using the option mentioned above).
  2. The screenshot of the error received in the Applications Manager console.
  3. SIF after reproducing the issue for analysis.

                    New to ADSelfService Plus?

                      • Related Articles

                      • How to monitor SSL Certificate of FTPS server?

                        Two modes to invoke client security in FTPS Explicit mode Implicit mode Explicit mode (Default port 21) - This port shouldn't be used In Explicit mode, an FTPS client must "explicitly request" security from an FTPS server by sending an FTP command ...
                      • Troubleshooting SSL Handshake Error

                        SSL Handshake Error SSL Handshake error occurs when a secure connection cannot be established to the URL added for monitoring. Common reasons for it are wrong SSL protocol version, incompatible ciphers, and invalid/missing client-side certificate.  ...
                      • How to import certificates for monitoring Oracle database with SSL authentication?

                        For users using Applications Manager version 14250 and below: One-way SSL: (Client authentication disabled) 1. Open the command prompt using 'Run as administrator' option and navigate to the Applications Manager installation directory. 2. Import your ...
                      • How to import certificates for monitoring DB2 Server with SSL authentication?

                        By default, if you want to use self-signed certificates for SSL connection then the certificate generated by the DB2 server will be db2server.arm. But our AppManager doesn't support arm files. So it has to be renamed as the db2server.cer and then ...
                      • How to import certificates for monitoring Postgres Server with SSL authentication?

                        Error Message: The connection attempt failed! Reason: This error occurs when you are trying to add an SSL enabled server but the certificates which are used for SSL connection are not present in the cacerts. Solution:       To import certificates, ...