Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-03-02 Thread 'Robert Bond' via CAS Community
CA Trust chain without the client cert should work.

On Fri, Feb 21, 2020 at 11:48 AM Jason Everling wrote:

> I was just curious about using the root cert instead, we have a JKS file
> with our internal roots. We have a 3 tier internal PKI so we don't use
> endpoint certs in any trust settings because machine certs are only valid
> for 12 months
> --
> *From:* 'Robert Bond' via CAS Community 
> *Sent:* Friday, February 21, 2020 8:36:59 AM
> *To:* cas-user@apereo.org 
> *Subject:* Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
> to find valid certification path to requested target)
>
> I just finished writing an article detailing setting up LDAPS on Active
> Directory:
> https://dev.to/bondr007/active-directory-ldaps-the-easy-way-1bnc
>
> For cas I just specified the CA cert I created using the config line below:
> cas.authn.ldap[0].trustCertificates=file:/etc/cas/ldaps_cert.crt
>
> On Fri, Feb 21, 2020 at 8:25 AM Robert Bond  wrote:
>
> iirc it can be the root ca or the client public cert.
>
> Are you using a public ca, and if so which one?
> To be safe you could just put the fullchain.
>
> On Thu, Feb 20, 2020 at 8:06 PM Jason Everling 
> wrote:
>
> Does that work if you specify the root or only the end entity certificate?
>
> On Thu, Feb 20, 2020 at 8:33 AM 'Robert Bond' via CAS Community <
> cas-user@apereo.org> wrote:
>
> You can also just pass it just the (CA or client) cert file. Like so:
> cas.authn.ldap[0].trustCertificates=file:/etc/cas/ldaps_cert.crt
>
> On Wed, Feb 19, 2020 at 7:34 PM Jason Everling 
> wrote:
>
> Grab your LDAPS certificates, create a new JKS keystore type and add your
> certificates to it. The default java password is changeit so we will just
> use that as well. The AD ldap settings would be,
>
> cas.authn.ldap[0].keystore=file:/etc/cas/your_keystore_name
> cas.authn.ldap[0].keystorePassword=changeit
>
> On Wednesday, February 19, 2020 at 6:40:54 PM UTC-6, Tom Healey wrote:
>
>
> Daniel,
> Thank you for your response. Is there a difference between the keystore
>
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keystorePassword=keystorepassword
>
>
> and the trust store parameters?
>
> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
> cas.authn.ldap[0].trustStorePassword=truststorepassword
>
> In any event
> I did this:
>
> keytool -alias myalias -importcert -keystore theLdapKeystore -storetype
> PKCS12 -file myalias.cer # root
> keytool -alias myalias2 -importcert -keystore theLdapKeystore -storetype
> PKCS12 -file myalias.cer # server
> and still have the problem of
>
> *sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target *
>
> Thanks all.
> Tom
>
>
>
> I did add the certs to the keystore(/etc/cas/thekeystore), which is the
> same one that tomcat uses for SSL server keys.
> Thanks.
>
> On Wednesday, February 19, 2020 at 4:58:24 PM UTC-5, dfisher wrote:
>
> On Wed, Feb 19, 2020 at 1:21 PM Tom Healey  wrote:
>
> LDAPS issue
>
> Hi all!
> I get the following error when trying to communicate to MS AD server over
> LDAPS.
> (PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target)
>
> here is my relevant LDAP config in cas.properties
>
> cas.authn.ldap[0].name=Active Directory
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
> cas.authn.ldap[0].useSsl=true
> cas.authn.ldap[0].baseDn="set to sane value"
> cas.authn.ldap[0].searchFilter="set to sane value"
> cas.authn.ldap[0].bindDn="set to sane value"
> cas.authn.ldap[0].bindCredential="set to sane value"
> cas.authn.ldap[0].dnFormat="set to sane value"
> cas.authn.ldap[0].connectTimeout=1000
>
> cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
> cas.authn.ldap[0].followReferrals=false
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keystorePassword=keystorepassword
>
>
> Try adding new properties:
> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
> cas.authn.ldap[0].trustStorePassword=truststorepassword
>
> Then import your CA into that truststore file. I'm not certain about the
> camel casing of those properties, but it should be something close to that.
>
>
>
>
> --Daniel Fisher
>

Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-21 Thread Jason Everling
I was just curious about using the root cert instead, we have a JKS file with 
our internal roots. We have a 3 tier internal PKI so we don't use endpoint certs 
in any trust settings because machine certs are only valid for 12 months

From: 'Robert Bond' via CAS Community 
Sent: Friday, February 21, 2020 8:36:59 AM
To: cas-user@apereo.org 
Subject: Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target)

I just finished writing an article detailing setting up LDAPS on Active 
Directory:
https://dev.to/bondr007/active-directory-ldaps-the-easy-way-1bnc

For cas I just specified the CA cert I created using the config line below:
cas.authn.ldap[0].trustCertificates=file:/etc/cas/ldaps_cert.crt

On Fri, Feb 21, 2020 at 8:25 AM Robert Bond wrote:
iirc it can be the root ca or the client public cert.

Are you using a public ca, and if so which one?
To be safe you could just put the fullchain.

On Thu, Feb 20, 2020 at 8:06 PM Jason Everling wrote:
Does that work if you specify the root or only the end entity certificate?

On Thu, Feb 20, 2020 at 8:33 AM 'Robert Bond' via CAS Community wrote:
You can also just pass it just the (CA or client) cert file. Like so:
cas.authn.ldap[0].trustCertificates=file:/etc/cas/ldaps_cert.crt

On Wed, Feb 19, 2020 at 7:34 PM Jason Everling wrote:
Grab your LDAPS certificates, create a new JKS keystore type and add your 
certificates to it. The default java password is changeit so we will just use 
that as well. The AD ldap settings would be,

cas.authn.ldap[0].keystore=file:/etc/cas/your_keystore_name
cas.authn.ldap[0].keystorePassword=changeit

On Wednesday, February 19, 2020 at 6:40:54 PM UTC-6, Tom Healey wrote:

Daniel,
Thank you for your response. Is there a difference between the keystore

cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.ldap[0].keystorePassword=keystorepassword


and the trust store parameters?

cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
cas.authn.ldap[0].trustStorePassword=truststorepassword

In any event
I did this:

keytool -alias myalias -importcert -keystore theLdapKeystore -storetype 
PKCS12 -file myalias.cer # root
keytool -alias myalias2 -importcert -keystore theLdapKeystore -storetype 
PKCS12 -file myalias.cer # server
and still have the problem of
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target

Thanks all.
Tom



I did add the certs to the keystore(/etc/cas/thekeystore), which is the same 
one that tomcat uses for SSL server keys.
Thanks.

On Wednesday, February 19, 2020 at 4:58:24 PM UTC-5, dfisher wrote:
On Wed, Feb 19, 2020 at 1:21 PM Tom Healey  wrote:
LDAPS issue

Hi all!
I get the following error when trying to communicate to MS AD server over LDAPS.
(PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target)

here is my relevant LDAP config in cas.properties

cas.authn.ldap[0].name=Active Directory
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].baseDn="set to sane value"
cas.authn.ldap[0].searchFilter="set to sane value"
cas.authn.ldap[0].bindDn="set to sane value"
cas.authn.ldap[0].bindCredential="set to sane value"
cas.authn.ldap[0].dnFormat="set to sane value"
cas.authn.ldap[0].connectTimeout=1000
cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
cas.authn.ldap[0].followReferrals=false
cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.ldap[0].keystorePassword=keystorepassword


Try adding new properties:
cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
cas.authn.ldap[0].trustStorePassword=truststorepassword

Then import your CA into that truststore file. I'm not certain about the camel 
casing of those properties, but it should be something close to that.


--Daniel Fisher

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f60ee9d3-6154-4adc-ba38-f2cfd52643af%40apereo.org.

Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-21 Thread 'Robert Bond' via CAS Community
I just finished writing an article detailing setting up LDAPS on Active
Directory:
https://dev.to/bondr007/active-directory-ldaps-the-easy-way-1bnc

For cas I just specified the CA cert I created using the config line below:
cas.authn.ldap[0].trustCertificates=file:/etc/cas/ldaps_cert.crt

On Fri, Feb 21, 2020 at 8:25 AM Robert Bond  wrote:

> iirc it can be the root ca or the client public cert.
>
> Are you using a public ca, and if so which one?
> To be safe you could just put the fullchain.
>
> On Thu, Feb 20, 2020 at 8:06 PM Jason Everling 
> wrote:
>
>> Does that work if you specify the root or only the end entity certificate?
>>
>> On Thu, Feb 20, 2020 at 8:33 AM 'Robert Bond' via CAS Community <
>> cas-user@apereo.org> wrote:
>>
>>> You can also just pass it just the (CA or client) cert file. Like so:
>>> cas.authn.ldap[0].trustCertificates=file:/etc/cas/ldaps_cert.crt
>>>
>>> On Wed, Feb 19, 2020 at 7:34 PM Jason Everling 
>>> wrote:
>>>
 Grab your LDAPS certificates, create a new JKS keystore type and add
 your certificates to it. The default java password is changeit so we will
 just use that as well. The AD ldap settings would be,

 cas.authn.ldap[0].keystore=file:/etc/cas/your_keystore_name
 cas.authn.ldap[0].keystorePassword=changeit

 On Wednesday, February 19, 2020 at 6:40:54 PM UTC-6, Tom Healey wrote:
>
>
> Daniel,
> Thank you for your response. Is there a difference between the
> keystore
>
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keystorePassword=keystorepassword
>
>
> and the trust store parameters?
>
> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
> cas.authn.ldap[0].trustStorePassword=truststorepassword
>
> In any event
> I did this:
>
> keytool -alias myalias -importcert -keystore theLdapKeystore
> -storetype PKCS12 -file myalias.cer # root
> keytool -alias myalias2 -importcert -keystore theLdapKeystore
> -storetype PKCS12 -file myalias.cer # server
> and still have the problem of
>
> *sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target*
>
> Thanks all.
> Tom
>
>
>
> I did add the certs to the keystore(/etc/cas/thekeystore), which is
> the same one that tomcat uses for SSL server keys.
> Thanks.
>
> On Wednesday, February 19, 2020 at 4:58:24 PM UTC-5, dfisher wrote:
>>
>> On Wed, Feb 19, 2020 at 1:21 PM Tom Healey 
>> wrote:
>>
>>> LDAPS issue
>>>
>>> Hi all!
>>> I get the following error when trying to communicate to MS AD server
>>> over LDAPS.
>>> (PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to 
>>> find
>>> valid certification path to requested target)
>>>
>>> here is my relevant LDAP config in cas.properties
>>>
>>> cas.authn.ldap[0].name=Active Directory
>>> cas.authn.ldap[0].type=AUTHENTICATED
>>> cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
>>> cas.authn.ldap[0].useSsl=true
>>> cas.authn.ldap[0].baseDn="set to sane value"
>>> cas.authn.ldap[0].searchFilter="set to sane value"
>>> cas.authn.ldap[0].bindDn="set to sane value"
>>> cas.authn.ldap[0].bindCredential="set to sane value"
>>> cas.authn.ldap[0].dnFormat="set to sane value"
>>> cas.authn.ldap[0].connectTimeout=1000
>>>
>>> cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
>>> cas.authn.ldap[0].followReferrals=false
>>> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
>>> cas.authn.ldap[0].keystorePassword=keystorepassword
>>>
>>>
>> Try adding new properties:
>> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
>> cas.authn.ldap[0].trustStorePassword=truststorepassword
>>
>> Then import your CA into that truststore file. I'm not certain about
>> the camel casing of those properties, but it should be something close to
>> that.
>>
>
>
>>
>> --Daniel Fisher
>>

Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-21 Thread 'Robert Bond' via CAS Community
iirc it can be the root ca or the client public cert.

Are you using a public ca, and if so which one?
To be safe you could just put the fullchain.

On Thu, Feb 20, 2020 at 8:06 PM Jason Everling 
wrote:

> Does that work if you specify the root or only the end entity certificate?
>
> On Thu, Feb 20, 2020 at 8:33 AM 'Robert Bond' via CAS Community <
> cas-user@apereo.org> wrote:
>
>> You can also just pass it just the (CA or client) cert file. Like so:
>> cas.authn.ldap[0].trustCertificates=file:/etc/cas/ldaps_cert.crt
>>
>> On Wed, Feb 19, 2020 at 7:34 PM Jason Everling 
>> wrote:
>>
>>> Grab your LDAPS certificates, create a new JKS keystore type and add
>>> your certificates to it. The default java password is changeit so we will
>>> just use that as well. The AD ldap settings would be,
>>>
>>> cas.authn.ldap[0].keystore=file:/etc/cas/your_keystore_name
>>> cas.authn.ldap[0].keystorePassword=changeit
>>>
>>> On Wednesday, February 19, 2020 at 6:40:54 PM UTC-6, Tom Healey wrote:


 Daniel,
 Thank you for your response. Is there a difference between the keystore

 cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
 cas.authn.ldap[0].keystorePassword=keystorepassword


 and the trust store parameters?

 cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
 cas.authn.ldap[0].trustStorePassword=truststorepassword

 In any event
 I did this:

 keytool -alias myalias -importcert -keystore theLdapKeystore
 -storetype PKCS12 -file myalias.cer # root
 keytool -alias myalias2 -importcert -keystore theLdapKeystore
 -storetype PKCS12 -file myalias.cer # server
 and still have the problem of

 *sun.security.validator.ValidatorException: PKIX path building failed:
 sun.security.provider.certpath.SunCertPathBuilderException: unable to find
 valid certification path to requested target*

 Thanks all.
 Tom



 I did add the certs to the keystore(/etc/cas/thekeystore), which is
 the same one that tomcat uses for SSL server keys.
 Thanks.

 On Wednesday, February 19, 2020 at 4:58:24 PM UTC-5, dfisher wrote:
>
> On Wed, Feb 19, 2020 at 1:21 PM Tom Healey 
> wrote:
>
>> LDAPS issue
>>
>> Hi all!
>> I get the following error when trying to communicate to MS AD server
>> over LDAPS.
>> (PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to 
>> find
>> valid certification path to requested target)
>>
>> here is my relevant LDAP config in cas.properties
>>
>> cas.authn.ldap[0].name=Active Directory
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
>> cas.authn.ldap[0].useSsl=true
>> cas.authn.ldap[0].baseDn="set to sane value"
>> cas.authn.ldap[0].searchFilter="set to sane value"
>> cas.authn.ldap[0].bindDn="set to sane value"
>> cas.authn.ldap[0].bindCredential="set to sane value"
>> cas.authn.ldap[0].dnFormat="set to sane value"
>> cas.authn.ldap[0].connectTimeout=1000
>>
>> cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
>> cas.authn.ldap[0].followReferrals=false
>> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
>> cas.authn.ldap[0].keystorePassword=keystorepassword
>>
>>
> Try adding new properties:
> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
> cas.authn.ldap[0].trustStorePassword=truststorepassword
>
> Then import your CA into that truststore file. I'm not certain about
> the camel casing of those properties, but it should be something close to
> that.
>


>
> --Daniel Fisher
>

Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-20 Thread Jason Everling
Does that work if you specify the root or only the end entity certificate?

On Thu, Feb 20, 2020 at 8:33 AM 'Robert Bond' via CAS Community <
cas-user@apereo.org> wrote:

> You can also just pass it just the (CA or client) cert file. Like so:
> cas.authn.ldap[0].trustCertificates=file:/etc/cas/ldaps_cert.crt
>
> On Wed, Feb 19, 2020 at 7:34 PM Jason Everling 
> wrote:
>
>> Grab your LDAPS certificates, create a new JKS keystore type and add your
>> certificates to it. The default java password is changeit so we will just
>> use that as well. The AD ldap settings would be,
>>
>> cas.authn.ldap[0].keystore=file:/etc/cas/your_keystore_name
>> cas.authn.ldap[0].keystorePassword=changeit
>>
>> On Wednesday, February 19, 2020 at 6:40:54 PM UTC-6, Tom Healey wrote:
>>>
>>>
>>> Daniel,
>>> Thank you for your response. Is there a difference between the keystore
>>>
>>> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
>>> cas.authn.ldap[0].keystorePassword=keystorepassword
>>>
>>>
>>> and the trust store parameters?
>>>
>>> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
>>> cas.authn.ldap[0].trustStorePassword=truststorepassword
>>>
>>> In any event
>>> I did this:
>>>
>>> keytool -alias myalias -importcert -keystore theLdapKeystore
>>> -storetype PKCS12 -file myalias.cer # root
>>> keytool -alias myalias2 -importcert -keystore theLdapKeystore
>>> -storetype PKCS12 -file myalias.cer # server
>>> and still have the problem of
>>>
>>> *sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>>> valid certification path to requested target*
>>>
>>> Thanks all.
>>> Tom
>>>
>>>
>>>
>>> I did add the certs to the keystore(/etc/cas/thekeystore), which is the
>>> same one that tomcat uses for SSL server keys.
>>> Thanks.
>>>
>>> On Wednesday, February 19, 2020 at 4:58:24 PM UTC-5, dfisher wrote:

 On Wed, Feb 19, 2020 at 1:21 PM Tom Healey  wrote:

> LDAPS issue
>
> Hi all!
> I get the following error when trying to communicate to MS AD server
> over LDAPS.
> (PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target)
>
> here is my relevant LDAP config in cas.properties
>
> cas.authn.ldap[0].name=Active Directory
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
> cas.authn.ldap[0].useSsl=true
> cas.authn.ldap[0].baseDn="set to sane value"
> cas.authn.ldap[0].searchFilter="set to sane value"
> cas.authn.ldap[0].bindDn="set to sane value"
> cas.authn.ldap[0].bindCredential="set to sane value"
> cas.authn.ldap[0].dnFormat="set to sane value"
> cas.authn.ldap[0].connectTimeout=1000
>
> cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
> cas.authn.ldap[0].followReferrals=false
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keystorePassword=keystorepassword
>
>
 Try adding new properties:
 cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
 cas.authn.ldap[0].trustStorePassword=truststorepassword

 Then import your CA into that truststore file. I'm not certain about
 the camel casing of those properties, but it should be something close to
 that.

>>>
>>>

 --Daniel Fisher


Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-20 Thread 'Robert Bond' via CAS Community
You can also just pass it just the (CA or client) cert file. Like so:
cas.authn.ldap[0].trustCertificates=file:/etc/cas/ldaps_cert.crt

On Wed, Feb 19, 2020 at 7:34 PM Jason Everling 
wrote:

> Grab your LDAPS certificates, create a new JKS keystore type and add your
> certificates to it. The default java password is changeit so we will just
> use that as well. The AD ldap settings would be,
>
> cas.authn.ldap[0].keystore=file:/etc/cas/your_keystore_name
> cas.authn.ldap[0].keystorePassword=changeit
>
> On Wednesday, February 19, 2020 at 6:40:54 PM UTC-6, Tom Healey wrote:
>>
>>
>> Daniel,
>> Thank you for your response. Is there a difference between the keystore
>>
>> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
>> cas.authn.ldap[0].keystorePassword=keystorepassword
>>
>>
>> and the trust store parameters?
>>
>> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
>> cas.authn.ldap[0].trustStorePassword=truststorepassword
>>
>> In any event
>> I did this:
>>
>> keytool -alias myalias -importcert -keystore theLdapKeystore -storetype
>> PKCS12 -file myalias.cer # root
>> keytool -alias myalias2 -importcert -keystore theLdapKeystore
>> -storetype PKCS12 -file myalias.cer # server
>> and still have the problem of
>>
>> *sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target*
>>
>> Thanks all.
>> Tom
>>
>>
>>
>> I did add the certs to the keystore(/etc/cas/thekeystore), which is the
>> same one that tomcat uses for SSL server keys.
>> Thanks.
>>
>> On Wednesday, February 19, 2020 at 4:58:24 PM UTC-5, dfisher wrote:
>>>
>>> On Wed, Feb 19, 2020 at 1:21 PM Tom Healey  wrote:
>>>
 LDAPS issue

 Hi all!
 I get the following error when trying to communicate to MS AD server
 over LDAPS.
 (PKIX path building failed:
 sun.security.provider.certpath.SunCertPathBuilderException: unable to find
 valid certification path to requested target)

 here is my relevant LDAP config in cas.properties

 cas.authn.ldap[0].name=Active Directory
 cas.authn.ldap[0].type=AUTHENTICATED
 cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
 cas.authn.ldap[0].useSsl=true
 cas.authn.ldap[0].baseDn="set to sane value"
 cas.authn.ldap[0].searchFilter="set to sane value"
 cas.authn.ldap[0].bindDn="set to sane value"
 cas.authn.ldap[0].bindCredential="set to sane value"
 cas.authn.ldap[0].dnFormat="set to sane value"
 cas.authn.ldap[0].connectTimeout=1000

 cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
 cas.authn.ldap[0].followReferrals=false
 cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
 cas.authn.ldap[0].keystorePassword=keystorepassword


>>> Try adding new properties:
>>> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
>>> cas.authn.ldap[0].trustStorePassword=truststorepassword
>>>
>>> Then import your CA into that truststore file. I'm not certain about the
>>> camel casing of those properties, but it should be something close to that.
>>>
>>
>>
>>>
>>> --Daniel Fisher
>>>


-- 
Robert Bond
Network Administrator
(918) 444-5886
Northeastern State University



Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-19 Thread Jason Everling
Grab your LDAPS certificates, create a new JKS keystore type and add your 
certificates to it. The default java password is changeit so we will just 
use that as well. The AD ldap settings would be,

cas.authn.ldap[0].keystore=file:/etc/cas/your_keystore_name
cas.authn.ldap[0].keystorePassword=changeit

On Wednesday, February 19, 2020 at 6:40:54 PM UTC-6, Tom Healey wrote:
>
>
> Daniel,
> Thank you for your response. Is there a difference between the keystore 
>
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keystorePassword=keystorepassword
>
>
> and the trust store parameters?
>
> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
> cas.authn.ldap[0].trustStorePassword=truststorepassword
>
> In any event 
> I did this:
>
> keytool -alias myalias -importcert -keystore theLdapKeystore -storetype 
> PKCS12 -file myalias.cer # root
> keytool -alias myalias2 -importcert -keystore theLdapKeystore -storetype 
> PKCS12 -file myalias.cer # server
> and still have the problem of 
>
> *sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target*
>
> Thanks all.
> Tom
>
>
>
> I did add the certs to the keystore(/etc/cas/thekeystore), which is the 
> same one that tomcat uses for SSL server keys.
> Thanks.
>
> On Wednesday, February 19, 2020 at 4:58:24 PM UTC-5, dfisher wrote:
>>
>> On Wed, Feb 19, 2020 at 1:21 PM Tom Healey  wrote:
>>
>>> LDAPS issue
>>>
>>> Hi all!
>>> I get the following error when trying to communicate to MS AD server 
>>> over LDAPS.
>>> (PKIX path building failed: 
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
>>> valid certification path to requested target)
>>>
>>> here is my relevant LDAP config in cas.properties
>>>
>>> cas.authn.ldap[0].name=Active Directory
>>> cas.authn.ldap[0].type=AUTHENTICATED
>>> cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
>>> cas.authn.ldap[0].useSsl=true
>>> cas.authn.ldap[0].baseDn="set to sane value"
>>> cas.authn.ldap[0].searchFilter="set to sane value"
>>> cas.authn.ldap[0].bindDn="set to sane value"
>>> cas.authn.ldap[0].bindCredential="set to sane value"
>>> cas.authn.ldap[0].dnFormat="set to sane value"
>>> cas.authn.ldap[0].connectTimeout=1000
>>>
>>> cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
>>> cas.authn.ldap[0].followReferrals=false 
>>> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
>>> cas.authn.ldap[0].keystorePassword=keystorepassword
>>>
>>>
>> Try adding new properties:
>> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
>> cas.authn.ldap[0].trustStorePassword=truststorepassword
>>
>> Then import your CA into that truststore file. I'm not certain about the 
>> camel casing of those properties, but it should be something close to that.
>>
>  
>
>>
>> --Daniel Fisher
>>
>



Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-19 Thread Daniel Fisher
On Wed, Feb 19, 2020 at 7:41 PM Tom Healey  wrote:

>
> Daniel,
> Thank you for your response. Is there a difference between the keystore
>
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keystorePassword=keystorepassword
>
>
> and the trust store parameters?
>

The keystore is used for authentication material, the truststore is used
for trust material. Putting trust material in the keystore file will not
fix this issue. Also note that the default type is JKS, if you're using
PKCS12 you'll need to set the trustStoreType property.

--Daniel Fisher
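The keystore/truststore distinction above, as an added example that is not from the thread or the CAS project: a small Go program (chosen because its standard library can mint a throwaway PKI offline; the path-building rules are the same RFC 5280 ones the JDK's SunCertPathBuilder applies) that builds a root -> issuing CA -> server chain in memory and shows which trust anchors let the path build succeed. The host name dc01.example.internal and every certificate are constructed; an empty anchor set stands in for trust material that was put in the keystore and never consulted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

const ldapHost = "dc01.example.internal" // hypothetical AD host name, not from the thread
// mkCert issues a throwaway cert for cn signed by parent (self-signed when parent is nil).
func mkCert(cn string, isCA bool, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature}
	// Only a CA-flagged cert may act as an issuer inside the built path; a leaf carries the SAN.
	if isCA { t.KeyUsage = x509.KeyUsageCertSign } else { t.DNSNames, t.ExtKeyUsage = []string{cn}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth} }
	if parent == nil { parent, pkey = t, key } // self-signed root
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pkey)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyChain plays the LDAPS client: presented is what the server sends (leaf first, then any
// intermediates); anchors is the truststore content. A nil result means a path to an anchor was built.
func verifyChain(presented, anchors []*x509.Certificate) error {
	opts := x509.VerifyOptions{DNSName: ldapHost, Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	for _, c := range presented[1:] { opts.Intermediates.AddCert(c) }
	for _, c := range anchors { opts.Roots.AddCert(c) }
	_, err := presented[0].Verify(opts)
	return err
}

// scenarios builds root -> issuing CA -> server (constructed, not the poster's certs) and
// reports which truststore contents let the path build succeed.
func scenarios() map[string]bool {
	root, rootKey := mkCert("Example Root CA", true, nil, nil)
	sub, subKey := mkCert("Example Issuing CA", true, root, rootKey)
	srv, _ := mkCert(ldapHost, false, sub, subKey)
	full := []*x509.Certificate{srv, sub} // what a correctly configured server presents
	return map[string]bool{
		"empty truststore":                     verifyChain(full, nil) == nil,
		"root trusted, server sends chain":     verifyChain(full, []*x509.Certificate{root}) == nil,
		"issuing CA trusted":                   verifyChain(full, []*x509.Certificate{sub}) == nil,
		"root trusted, server sends leaf only": verifyChain(full[:1], []*x509.Certificate{root}) == nil,
	}
}
```

The last scenario is the one a root-only truststore cannot rescue: if the directory server does not send its intermediate, the client has no way to bridge the gap, which is why importing the full chain is the safe choice.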



Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-19 Thread Tom Healey

Daniel,
Thank you for your response. Is there a difference between the keystore 

cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.ldap[0].keystorePassword=keystorepassword


and the trust store parameters?

cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
cas.authn.ldap[0].trustStorePassword=truststorepassword

In any event 
I did this:

keytool -alias myalias -importcert -keystore theLdapKeystore -storetype PKCS12 -file myalias.cer # root
keytool -alias myalias2 -importcert -keystore theLdapKeystore -storetype PKCS12 -file myalias.cer # server
and still have the problem of 

sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target

Thanks all.
Tom



I did add the certs to the keystore(/etc/cas/thekeystore), which is the 
same one that tomcat uses for SSL server keys.
Thanks.

On Wednesday, February 19, 2020 at 4:58:24 PM UTC-5, dfisher wrote:
>
> On Wed, Feb 19, 2020 at 1:21 PM Tom Healey wrote:
>
>> LDAPS issue
>>
>> Hi all!
>> I get the following error when trying to communicate to MS AD server over 
>> LDAPS.
>> (PKIX path building failed: 
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
>> valid certification path to requested target)
>>
>> here is my relevant LDAP config in cas.properties
>>
>> cas.authn.ldap[0].name=Active Directory
>> cas.authn.ldap[0].type=AUTHENTICATED
>> cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
>> cas.authn.ldap[0].useSsl=true
>> cas.authn.ldap[0].baseDn="set to sane value"
>> cas.authn.ldap[0].searchFilter="set to sane value"
>> cas.authn.ldap[0].bindDn="set to sane value"
>> cas.authn.ldap[0].bindCredential="set to sane value"
>> cas.authn.ldap[0].dnFormat="set to sane value"
>> cas.authn.ldap[0].connectTimeout=1000
>>
>> cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
>> cas.authn.ldap[0].followReferrals=false 
>> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
>> cas.authn.ldap[0].keystorePassword=keystorepassword
>>
>>
> Try adding new properties:
> cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
> cas.authn.ldap[0].trustStorePassword=truststorepassword
>
> Then import your CA into that truststore file. I'm not certain about the 
> camel casing of those properties, but it should be something close to that.
>
 

>
> --Daniel Fisher
>



Re: [cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-19 Thread Daniel Fisher
On Wed, Feb 19, 2020 at 1:21 PM Tom Healey  wrote:

> LDAPS issue
>
> Hi all!
> I get the following error when trying to communicate to MS AD server over
> LDAPS.
> (PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target)
>
> here is my relevant LDAP config in cas.properties
>
> cas.authn.ldap[0].name=Active Directory
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
> cas.authn.ldap[0].useSsl=true
> cas.authn.ldap[0].baseDn="set to sane value"
> cas.authn.ldap[0].searchFilter="set to sane value"
> cas.authn.ldap[0].bindDn="set to sane value"
> cas.authn.ldap[0].bindCredential="set to sane value"
> cas.authn.ldap[0].dnFormat="set to sane value"
> cas.authn.ldap[0].connectTimeout=1000
>
> cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
> cas.authn.ldap[0].followReferrals=false
> cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
> cas.authn.ldap[0].keystorePassword=keystorepassword
>
>
Try adding new properties:
cas.authn.ldap[0].trustStore=file:/etc/cas/thetruststore
cas.authn.ldap[0].trustStorePassword=truststorepassword

Then import your CA into that truststore file. I'm not certain about the
camel casing of those properties, but it should be something close to that.

--Daniel Fisher



[cas-user] Secure Ldap (LDAPS) --(PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

2020-02-19 Thread Tom Healey
 LDAPS issue

Hi all!
I get the following error when trying to communicate to MS AD server over 
LDAPS.
(PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target)

here is my relevant LDAP config in cas.properties

cas.authn.ldap[0].name=Active Directory
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldaps://XXX.XXX.XXX.XXX:636
cas.authn.ldap[0].useSsl=true
cas.authn.ldap[0].baseDn="set to sane value"
cas.authn.ldap[0].searchFilter="set to sane value"
cas.authn.ldap[0].bindDn="set to sane value"
cas.authn.ldap[0].bindCredential="set to sane value"
cas.authn.ldap[0].dnFormat="set to sane value"
cas.authn.ldap[0].connectTimeout=1000
cas.authn.ldap[0].principalAttributeList=memberOf,cn,givenName,mail,givenName,mail,sn
cas.authn.ldap[0].followReferrals=false 
cas.authn.ldap[0].keystore=file:/etc/cas/thekeystore
cas.authn.ldap[0].keystorePassword=keystorepassword

I used the suggestions on the pages below to see what certs a server may 
have and found out what certs the server had:
https://jfrog.com/knowledge-base/how-to-resolve-unable-to-find-valid-certification-path-to-requested-target-error/
and 
https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html

I used this command to find out what certs I needed to add to the keystore.

openssl s_client -showcerts -connect XX.XX.XX.XX:636



NOTE:

I do not want to add the certs to the cacerts file on the host machine as I am 
performing a docker build and I want all things the app needs to be 
loaded in the container.

openssl s_client -showcerts command showed 2 certs and I imported them both 
using command line like below



#CAR -- root cert from AD server
keytool -alias myalias -trustcacerts -importcert -keystore etc/cas/theKeystore -storepass  -file etc/cas/myalias.cer

#CAS2 -- server cert from AD server
keytool -importcert -keystore etc/cas/theKeystore -storepass  -file etc/cas/myalias2.cer -alias myalias2 -trustcacerts

I also used the SSLPoke class from the 2nd URL to test the connection. 
It failed.

I think I have performed the task needed and I still get the error.

Thanks,
Tom
