[lsc-users] unable to find valid certification path to requested target

Clément OUDOT clem.oudot at gmail.com
Thu Oct 16 09:30:48 CEST 2014


2014-10-15 17:57 GMT+02:00 Anderson <andersonp.almeida at gmail.com>:

>
> Hi All,
>

Hi,



>
> I am learning to use LSC and need help, please.
> I'm having problems trying to connect to a remote LDAPS server on port 636.
>
> Here are my settings:
>
>       <ldapConnection>
>               <name>ldap-dst-conn</name>
>               <url>ldaps://remotehost/ou=people,dc=homolog,dc=br</url>
>               <username>cn=userrep,ou=people,dc=homolog,dc=br</username>
>               <password>secret</password>
>               <authentication>SIMPLE</authentication>
>               <referral>IGNORE</referral>
>               <derefAliases>NEVER</derefAliases>
>               <version>VERSION_3</version>
>               <pageSize>-1</pageSize>
>               <factory>com.sun.jndi.ldap.LdapCtxFactory</factory>
>               <tlsActivated>false</tlsActivated>
>       </ldapConnection>
>
>
> The certificates:
>
> cat LAB_CER.cer  LAB_KEY.key  > LAB.pem
> #keytool -import -file /etc/lsc/certs/LAB.pem -keystore /etc/lsc/certs/labcert
> #keytool -import -file /etc/lsc/certs/LAB_CA.cer -keystore /etc/lsc/certs/cacert
>
> The shell script:
> SSL_OPTS="-Djavax.net.ssl.keyStore=/etc/lsc/certs/labcert
>  -Djavax.net.ssl.keyStorePassword=secret
> -Djavax.net.ssl.trustStore=/etc/lsc/certs/cacert
> -Djavax.net.ssl.trustStorePassword=secret"
>
>
> I checked the certificate:
> #openssl s_client -connect remotehost:636 -cert LAB_CER.cer -key LAB_KEY.key
> CONNECTED(00000003)
> depth=1 DC = lab, DC = homolog, CN = homolog
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> ---
> Certificate chain
> .
> .
> .
>
> The error:
> # lsc -s Lab -c Lab
> Oct 15 12:04:21 - INFO  - Logging configuration successfully loaded from
> /etc/lsc/logback.xml
> Oct 15 12:04:21 - INFO  - LSC configuration successfully loaded from
> /etc/lsc/
> Oct 15 12:04:22 - INFO  - Connecting to LDAP server
> ldaps://remotehost/ou=pop-al,ou=people,dc=homolog,dc=br as
> cn=userrep,ou=people,dc=homolog,dc=br
> Oct 15 12:04:22 - ERROR - Error opening the LDAP connection to the
> destination! (javax.naming.CommunicationException: simple bind failed:
> remotehost:636 [Root exception is javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target])
> Oct 15 12:04:22 - ERROR - org.lsc.exception.LscConfigurationException:
> Configuration exception: javax.naming.CommunicationException: simple bind
> failed: remotehost:636 [Root exception is
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target]
>
>
>
> Please, where is my mistake?
>
>

Have you tried to export SSL_OPTS before running lsc?


Clément.
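
A preflight check for the question asked in the reply, as an added example that is not part of the original message or of LSC: it reports whether SSL_OPTS is set only in the current shell or actually exported to child processes, and whether the trust store it names is readable. It assumes the launcher picks up SSL_OPTS from its environment; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not LSC code. Assumption: the launcher script reads
# SSL_OPTS from its environment and passes it to the JVM.

# Print SSL_OPTS as a child process sees it (empty unless exported).
child_view() {
    sh -c 'printf "%s" "${SSL_OPTS-}"'
}

# Extract the path given to -Djavax.net.ssl.trustStore= in an options string.
# The "=" in the pattern keeps trustStorePassword from matching.
truststore_path() {
    for opt in $1; do
        case $opt in
            -Djavax.net.ssl.trustStore=*)
                printf '%s' "${opt#*=}"
                return 0 ;;
        esac
    done
    return 1
}

# Print one of: unset, not-exported, no-truststore-option,
# unreadable:<path>, ok:<path>
ssl_opts_status() {
    [ -n "${SSL_OPTS-}" ] || { echo unset; return; }
    # Set in this shell but invisible to children: the JVM never gets the
    # trust store setting and falls back to its default trust anchors.
    [ -n "$(child_view)" ] || { echo not-exported; return; }
    path=$(truststore_path "$SSL_OPTS") || { echo no-truststore-option; return; }
    [ -r "$path" ] || { echo "unreadable:$path"; return; }
    echo "ok:$path"
}

ssl_opts_status
```

Because it inspects the calling shell's variables, source the file in the shell that will start lsc; executing it as a separate script shows only what was exported.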