[lsc-users] unable to find valid certification path to requested target

Anderson andersonp.almeida at gmail.com
Wed Oct 15 17:57:27 CEST 2014 

Hi All,

I am learning to use the LSC and need help please.
I'm having problems trying to connect to a remote server LDAPS on port 636

Here are my settings:

      <ldapConnection>
                        <name>ldap-dst-conn</name>
                        <url>ldaps://remotehost/ou=people,dc=homolog,dc=br
</url>

<username>cn=userrep,ou=people,dc=homolog,dc=br</username>
                        <password>secret</password>
                        <authentication>SIMPLE</authentication>
                        <referral>IGNORE</referral>
                        <derefAliases>NEVER</derefAliases>
                        <version>VERSION_3</version>
                        <pageSize>-1</pageSize>
                        <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
                        <tlsActivated>false</tlsActivated>
                </ldapConnection>


The certificates:

cat LAB_CER.cer  LAB_KEY.key  > LAB.pem
#keytool -import -file /etc/lsc/certs/LAB.pem -keystore
/etc/lsc/certs/labcert
#keytool -import -file /etc/lsc/certs/LAB_CA.cer -keystore
/etc/lsc/certs/cacert
the shell script:
SSL_OPTS="-Djavax.net.ssl.keyStore=/etc/lsc/certs/labcert
 -Djavax.net.ssl.keyStorePassword=secret
-Djavax.net.ssl.trustStore=/etc/lsc/certs/cacert
-Djavax.net.ssl.trustStorePassword=secret"


I checked the certificate
#openssl s_client -connect remotehost:636 -cert LAB_CER.cer -key LAB_KEY.key
CONNECTED(00000003)
depth=1 DC = lab, DC = homolog, CN = homolog
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
.
.
.

The error:
# lsc -s Lab -c Lab
Oct 15 12:04:21 - INFO  - Logging configuration successfully loaded from
/etc/lsc/logback.xml
Oct 15 12:04:21 - INFO  - LSC configuration successfully loaded from
/etc/lsc/
Oct 15 12:04:22 - INFO  - Connecting to LDAP server
ldaps://remotehost/ou=pop-al,ou=people,dc=homolog,dc=br as
cn=userrep,ou=people,dc=homolog,dc=br
Oct 15 12:04:22 - ERROR - Error opening the LDAP connection to the
destination! (javax.naming.CommunicationException: simple bind failed:
remotehost:636 [Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target])
Oct 15 12:04:22 - ERROR - org.lsc.exception.LscConfigurationException:
Configuration exception: javax.naming.CommunicationException: simple bind
failed: remotehost:636 [Root exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target]



Please, where I mistake?

Grateful
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lsc-project.org/pipermail/lsc-users/attachments/20141015/116f68c5/attachment.htm>

More information about the lsc-users mailing list