Posted to user@geronimo.apache.org by alehx <ha...@uwplatt.edu> on 2009/07/17 01:29:42 UTC

Error: "unable to find valid certification path to requested target"

We are developing a web application that requires LDAP authentication to 1)
Determine if the user exists and his/her credentials are correct 2) to serve
the correct pages and privileges to authenticated users.

However, we have reached a road block. After implementing the security
realms, keystores, and web-specific deployment plans, we have been unable to
get past the authentication prompt for user credentials.

No matter what I have tried, the error message is always

ERROR [LDAPLoginModule] javax.naming.CommunicationException: simple bind
failed: my.ldap.server:636 [Root exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target]

WARN  [log] AUTH FAILURE: user UserName

I followed the keytool directives for obtaining a valid certificate and
created a new certificate via the Geronimo console. I have also tried
importing a valid certificate manually by copy/paste and changes to the
config.xml file... all to no avail.

If the issue is the security realm, we have contacted the LDAP server
administrators and obtained the correct settings for our use. I have tried
creating an LDAP security realm via the console and via the
geronimo-application.xml.

I'm not sure if the issue is that the server believes the certificate is invalid
or that it cannot find a matching certificate after the LDAP server is contacted.

The keystore I am using is in the Geronimo var/security/keystore directory
and also registered in the system-wide Java keystore (cacerts).

If anyone could suggest some things to get Geronimo to accept the
certificates in my keystore or to somehow link them so they will be of use,
that would be great.

Thanks


Re: Error: "unable to find valid certification path to requested target"

Posted by "nithya.srinivasan@sun.com" <Ni...@Sun.COM>.
Are you using ldaps?
Can you check that the root CA certs are in the server JDK
and that the truststore points to the right truststore?
I just solved one issue
where the root CAs were in c:/java/jdk/jre/lib/security/cacerts
and the truststore was pointing to c:/java/jre/lib/security/cacerts.

Thanks
Nithya
alehx wrote:
> We are developing a web application that requires LDAP authentication to 1)
> Determine if the user exists and his/her credentials are correct 2) to serve
> the correct pages and privileges to authenticated users.
>
> However, we have reached a road block. After implementing the security
> realms, keystores, and web-specific deployment plans, we have been unable to
> get past the authentication prompt for user credentials.
>
> No matter what I have tried, the error message is always
>
> ERROR [LDAPLoginModule] javax.naming.CommunicationException: simple bind
> failed: my.ldap.server:636 [Root exception is
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target]
>
> WARN  [log] AUTH FAILURE: user UserName
>
> I followed the keytool directives for obtaining a valid certificate and
> created a new certificate via the Geronimo console. I have also tried
> importing a valid certificate manually by copy/paste and changes to the
> config.xml file... all to no avail.
>
> If the issue is the security realm, we have contacted the LDAP server
> administrators and obtained the correct settings for our use. I have tried
> creating an ldap security realm via the console and via the
> geronimo-application.xml
>
> I'm not sure if the issue is the server believes the certificate is invalid
> or it cannot find a matching certificate after the LDAP server is contacted.
>
> The keystore I am using is in the geronimo var/security/keystore directory
> and also registered in the system wide java keystore (cacerts.)
>
> If anyone could suggest some things to get geronimo to accept the
> certificates in my keystore or to somehow link them so they will be of use
> would be great.
>
> Thanks
>
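
The truststore check suggested in the reply above, as an added example that is not part of the original thread or of Geronimo: it prints which truststore file the running JVM resolves by default (the `javax.net.ssl.trustStore` property, else `jssecacerts`, else `cacerts` under `java.home`), lists the trusted entries in that file, and optionally attempts a TLS handshake. The class name `TrustStoreCheck` is hypothetical, and it assumes you run it with the same JVM and the same `-D` options as the server.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical diagnostic class (added example, not Geronimo code).
public class TrustStoreCheck {
    // Resolve the truststore the way the JSSE default trust manager does:
    // -Djavax.net.ssl.trustStore, else <java.home>/lib/security/jssecacerts, else cacerts.
    static File effectiveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        File ts = effectiveTrustStore();
        System.out.println("java.home  = " + System.getProperty("java.home"));
        System.out.println("truststore = " + ts.getCanonicalPath() + " (exists: " + ts.exists() + ")");

        // List trusted entries to confirm the CA imported with keytool is in THIS file,
        // not in the cacerts of a different JRE on the same machine.
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(ts)) {
            ks.load(in, pw == null ? null : pw.toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) System.out.println("  trusted: " + alias);
        }

        if (args.length < 2) return; // optional arguments: host and port, e.g. the LDAPS port 636
        try (SSLSocket s = (SSLSocket) SSLSocketFactory.getDefault()
                .createSocket(args[0], Integer.parseInt(args[1]))) {
            s.startHandshake(); // runs the same PKIX path building as the failing bind
            System.out.println("handshake OK: chain validates against this truststore");
        } catch (SSLHandshakeException e) {
            System.out.println("handshake FAILED: " + e.getMessage());
        }
    }
}
```

If the printed truststore path is not the file the certificate was imported into, the import went into a different JRE's `cacerts`, which is the mismatch described in the reply.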