Product: TIBCO Spotfire®
ERROR: "Unable to find valid certification path to requested target", while configuring LDAP with SSL on TIBCO Spotfire Server.
Product: TIBCO Spotfire Server
Version: All supported versions
OS: All Supported Operating Systems
--------------------

This article describes the resolution for ERROR: "Unable to find valid certification path to requested target" while configuring LDAP with SSL (LDAPS) on TIBCO Spotfire Server.

A user may get this error message when restarting the server after configuring LDAP with SSL (LDAPS). TIBCO Spotfire Server fails to start with the following entries in the log files (server.log and catalina..log):

----------------------------------------------------------------------------------------------------------------------------
ERROR 2015-12-17T12:07:59,553-0600 [*Initialization*] web.context.ContextLoader: Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapConfigFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.spotfire.server.ldap.LdapConfigFactory]: Constructor threw exception; nested exception is com.spotfire.server.ServerInitializationException: Error initializing run-time properties for LDAP configuration 'LDAP_Config_Name'
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:285)
    ................
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.spotfire.server.ldap.LdapConfigFactory]: Constructor threw exception; nested exception is com.spotfire.server.ServerInitializationException: Error initializing run-time properties for LDAP configuration 'LDAP_Config_Name'
    at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:163)
    ................
    ... 28 more
Caused by: com.spotfire.server.ServerInitializationException: Error initializing run-time properties for LDAP configuration 'LDAP_Config_Name'
    at com.spotfire.server.ldap.LdapConfigFactory.initReferencedLdapConfigs(LdapConfigFactory.java:190)
    ................
    ... 30 more
Caused by: javax.naming.CommunicationException: simple bind failed: dspmppadlds.gatewayedi.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
    ................
    ... 37 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    ...............
    ... 52 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    ...............
    ... 65 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
    .............
    ... 71 more
-------------------------------------------------------------------------------------------------------------------------

TIBCO Spotfire Server is not able to trust the LDAP server certificate while connecting to the LDAP server through SSL (LDAPS).

Import the LDAP server certificate into the Spotfire Server keystore to make it trusted.
------ Instructions to import LDAP Server certificate to Spotfire Server keystore --------

1). Get the LDAP server certificate and all intermediate certificates (if they exist) from the LDAP admin. The domain root certificate along with the intermediate certificates will also work if the LDAP server certificate is signed by the domain root CA.

2). Import all of the above certificates into the Java keystore of the Spotfire Server with the following command. The default keystore is "\jdk\jre\lib\security\cacerts" and its password is "changeit".

\jdk\bin\keytool -importcert -trustcacerts -alias LDAP_CERT -file ldap_cert_file_with_path -keystore "\jdk\jre\lib\security\cacerts" -storepass changeit

Where:
LDAP_CERT - A name for the LDAP Server certificate in the store.
ldap_cert_file_with_path - LDAP Server certificate file name with complete path.

3). Restart the Spotfire Server.

------ References --------

1). Chapter "Configuring LDAPS" in the Spotfire Server Installation manual (https://docs.tibco.com/pub/spotfire_server/7.0.0/doc/pdf/TIB_sfire_server_7.0.0_installation.pdf)

2). Using the keytool utility (https://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html)