Hello all, I've got CAS working fine with LDAP and now I'm trying to push hard to get it to work with LDAPS.
I've got a JKS store, /etc/cas/keys/store, which is a JKS file containing two keys:

  - PDC-CA.FQDN public certificate
  - VDC.FQDN public certificate, issued from PDC-CA

In my cas.properties I have...

  cas.authn.ldap[0].keystore=file:/etc/cas/keys/store
  cas.authn.ldap[0].keystorePassword=thecorrectpassword
  cas.authn.ldap[0].keystoreType=JKS
  cas.authn.ldap[0].ldapUrl=ldaps://VDC.FQDN:636
  #cas.authn.ldap[0].startTLS=true

Every time I run CAS, I get:

  2023-03-28 11:18:15,325 ERROR [org.ldaptive.transport.netty.NettyConnection] - <Connection open failed for org.ldaptive.transport.netty.NettyConnection@183859529::ldapUrl=[org.ldaptive.LdapURL@1061528439::scheme=ldaps, hostname=TECH23-VDC.CHS.chatham-nj.org, port=636, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null], isOpen=false, connectTime=null, connectionConfig=[org.ldaptive.ConnectionConfig@647411335::ldapUrl=ldaps://VDC.FQDN:636, connectTimeout=PT5S, responseTimeout=PT5S, reconnectTimeout=PT2M, autoReconnect=true, autoReconnectCondition=org.ldaptive.ConnectionConfig$$Lambda$1759/0x00000008409df840@ea45a5b, autoReplay=true, sslConfig=[org.ldaptive.ssl.SslConfig@1475886210::credentialConfig=[org.ldaptive.ssl.KeyStoreCredentialConfig@1686450676::trustStore=null, trustStoreType=null, trustStoreAliases=null, keyStore=file:/etc/cas/keys/store, keyStoreType=JKS, keyStoreAliases=null], trustManagers=null, hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@7a600e21, enabledCipherSuites=null, enabledProtocols=null, handshakeCompletedListeners=null, handshakeTimeout=PT1M], useStartTLS=false, connectionInitializers=[org.ldaptive.BindConnectionInitializer@393413334::bindDn=CN=casbind,CN=Users,DC=CHS,DC=chatham-nj,DC=org, bindSaslConfig=null, bindControls=null], connectionStrategy=[org.ldaptive.ActivePassiveConnectionStrategy@1775349092::ldapURLSet=[org.ldaptive.LdapURLSet@1166754951::active=[], inactive=[[org.ldaptive.LdapURL@1061528439::scheme=ldaps, hostname=VDC.FQDN, port=636, baseDn=null, attributes=null, scope=null, filter=null, inetAddress=null]]], activateCondition=org.ldaptive.transport.TransportConnection$$Lambda$1768/0x00000008409ddc40@296a71df, retryCondition=org.ldaptive.AbstractConnectionStrategy$$Lambda$1762/0x00000008409df440@4db4431b, initialized=true], connectionValidator=null, transportOptions={}], channel=null>

and an error:

  org.ldaptive.ConnectException: javax.net.ssl.SSLException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Do I need to add the PDC-CA certificate elsewhere? I'm kind of stumped.

Thanks!

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e4f7108c-88b6-470a-ac98-ac98dde6b103n%40apereo.org.
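The logged SslConfig is the useful evidence in the post above: it shows keyStore=file:/etc/cas/keys/store next to trustStore=null. The keystore properties hand ldaptive a client identity for the TLS connection; PKIX path building, which is what fails, walks the server's chain back to a trust anchor in the trust store, and no trust store is configured. The following is an added Java diagnostic, not CAS or ldaptive code, that loads a JKS file strictly as a trust store, reports which entries can act as trust anchors, and then attempts the LDAPS handshake using only that trust material, so the same PKIX failure (or its absence) can be reproduced outside CAS. The path, password and host arguments are the placeholders from this thread; the class name and usage are this example's own.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * Added diagnostic (not CAS or ldaptive code). Loads a JKS file as a TRUST store,
 * lists which entries are usable as trust anchors, then performs an LDAPS handshake
 * that trusts nothing but that file. "PKIX path building failed" here is the same
 * failure the CAS log reports, reproduced without CAS in the loop.
 *
 * Usage (placeholders from the thread):
 *   java LdapsTrustCheck /etc/cas/keys/store thecorrectpassword VDC.FQDN 636
 */
public class LdapsTrustCheck {

    /** Aliases stored as trustedCertEntry; only these serve as PKIX trust anchors. */
    static List<String> trustAnchorAliases(KeyStore ks) throws Exception {
        List<String> anchors = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) {
                anchors.add(alias);
            }
        }
        return anchors;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: LdapsTrustCheck <store.jks> <password> <host> <port>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }

        // A PrivateKeyEntry is a client identity (what the keystore properties supply);
        // a trustedCertEntry is a trust anchor (what a trust store supplies).
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isCertificateEntry(alias)
                    ? "trustedCertEntry (trust anchor)"
                    : "key entry (client identity, not a trust anchor)";
            System.out.println(alias + ": " + kind);
        }
        if (trustAnchorAliases(ks).isEmpty()) {
            System.out.println("No trusted-certificate entries: this file cannot validate any server chain.");
        }

        // Trust manager built from this file ONLY; the JVM's default cacerts is not consulted,
        // so the result reflects exactly what a CAS trust-store setting pointing here would do.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        String host = args[2];
        int port = Integer.parseInt(args[3]);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Enable RFC 6125 hostname verification, as ldaptive's DefaultHostnameVerifier does,
            // so a chain that validates but names the wrong host is caught as well.
            SSLParameters params = sock.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            sock.setSSLParameters(params);
            sock.startHandshake();

            System.out.println("Handshake OK (" + sock.getSession().getProtocol() + "). Server chain as presented:");
            for (Certificate c : sock.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  " + x.getSubjectX500Principal() + "  issued by  " + x.getIssuerX500Principal());
            }
        } catch (SSLHandshakeException e) {
            // Same condition CAS logged: no path from the presented chain to an anchor in this store.
            System.out.println("Handshake FAILED: " + e.getMessage());
            System.out.println("The issuing CA must be present as a trustedCertEntry in the store CAS uses as its trust store.");
            System.exit(1);
        }
    }
}
```

If the listing shows PDC-CA only as a key entry, or the store is never named as a trust store, the handshake fails exactly as in the log. A store with PDC-CA imported as a trusted certificate (keytool -importcert -trustcacerts -alias pdc-ca -file PDC-CA.cer -keystore /etc/cas/keys/truststore, with the output path as a placeholder) can then be handed to CAS through the LDAP trust-store, trust-store-password and trust-store-type properties (check the property reference for your CAS version for the exact names); the keystore properties in the post are only needed when the LDAP server requires client-certificate authentication.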