Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Columbus Signals Image Artist
Downloads
Downloads
Community
Support Forums Ideas Portal Product Basics
About Support
Legal Resources Support and Maitiance Plans Product Life Cycle Support News
Contact Support

LDAPS authentication or synchronization fails with "No subject alternative DNS name matching found" error

Rich Talbot
  • Updated
Date Posted:
Product: TIBCO Spotfire®

Problem:

LDAPS authentication or synchronization fails with "No subject alternative DNS name matching found" error


Solution:

An LDAP authentication or synchronization may fail and the following warning can be seen in TIBCO Spotfire Server server.log file: 

WARN 2019-01-11T23:29:50,436-0500 [*LdapSynchronizer.RestartRunnable*] server.ldap.LdapSearcher: Error performing an LDAP search javax.naming.PartialResultException: null
Caused by: javax.naming.CommunicationException: XXXX:636
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching XXXX found.
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching XXXX found.

  Starting in version 1.8.0_181 of the Java Development Kit, or JDK, there was a change in the way the LDAP hostname is validated. The change was made to increase security and thus the exception reported above is a valid error that should be corrected. For additional details on the change, see the JDK 1.8.0_181 Release Notes under the Improve LDAP Support section. This change introduced in JDK version 1.8.0_181 adds additional security and improves the robustness of LDAPS (secure LDAP over TLS) connections by enabling endpoint identification algorithms by default. That means there may be situations where previously working LDAPS connections stop working after an upgrade to Spotfire version 10.0 and higher, as Spotfire version 10 includes the JDK version 1.8.0_181 (Java SE Development Kit 8, Update 181) is bundled with Spotfire starting with v10.0.0. Because of this there may now be a need to regenerate your certificates to include the complete URL for your LDAP server.

To resolve the issue:

Regenerate your certificate to include the complete LDAP server URL
When regenerating the certificate:
  • Ensure that you include the complete URL for your LDAP server in the certificate, in either the Subject or Alternate Name extension of the certificate.
  • Ensure that all of your hostname, CNAME, DNS entries are all up to date and the server names match the certificates
Doc: Configuring LDAPS: External :Oracle Release notes: 1.8.0_181 version: Improve LDAP Support:

Related articles