Posted to user@guacamole.apache.org by A M <ma...@gmail.com> on 2021/12/24 00:19:25 UTC

docker guacamole + ldap using tls, external truststore?

Hello,
I've pointed guacamole (running in docker) to an LDAP server using TLS that
uses a self-signed certificate that is not trusted by Java.

I assume I need to have guacamole look in another keystore to trust the
certificate.

Does anyone know how to do that?

Thanks.

Btw, here is the exception I get when logging in:

[NioProcessor-1] WARN  o.a.d.l.c.api.LdapNetworkConnection - SSL handshake failed.
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
        at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:536)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
        at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
        at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1222)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1211)
        at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
        at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
        at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981)
        at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915)
        at org.apache.mina.filter.ssl.SslHandler.doTasks(SslHandler.java:813)
        at org.apache.mina.filter.ssl.SslHandler.handshake(SslHandler.java:588)
        at org.apache.mina.filter.ssl.SslHandler.messageReceived(SslHandler.java:355)
        at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:517)
        ... 15 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
        at sun.security.validator.Validator.validate(Validator.java:271)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:278)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
        ... 27 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
        ... 33 common frames omitted