RE: [External] Re: SSL LDAP

["Johnson, Nachay [USA]" <Jo...@bah.com.INVALID>]

Thanks for the quick response. I added the ldap cert using a different alias. I changed the alias to match the one setup on ldap and it's working now. 

Thank you so much! 



-----Original Message-----
From: Nick Couchman <vn...@apache.org> 
Sent: Tuesday, September 20, 2022 2:54 PM
To: user@guacamole.apache.org
Subject: [External] Re: SSL LDAP

On Tue, Sep 20, 2022 at 2:36 PM Johnson, Nachay [USA] <Jo...@bah.com.invalid> wrote:
>
> Trying to figure out an SSL issue with ldap. "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" I added the ldap cert to cacerts, but I still receive this message in my tomcat log. Has anyone encountered this issue?
>

Just a few quick things to check:
1) Have you restarted Tomcat after adding the certificate?
2) Have you added the issuing certificate(s) in addition to the server certificate?
3) Have you verified that the cacerts path is the one that the Java version used to run Tomcat is actually using?
4) Does the subject and/or subject alt names on the certificate match the hostname you're configuring for LDAP? So, if certificate is issued for ldap.example.com, but you're connecting with ldap1.example.com, it won't work.

-Nick

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org