Thread: GAL and ldaps://

  1. #1

    Hi,

    I'm trying to connect to an external GAL using LDAP. This works very well. Now I want to secure the LDAP connection using SSL. So, I clicked 'ssl' in the admin console and tested the connection. The LDAP server is running at an external host and ldaps is available.

    This is the error I'm getting:
    Code:
    unable to find valid certification path to requested target
    I suppose this is because the cert is self-signed and unknown to Zimbra as a trusted authority.

    How can I:
    - add this cert as trusted?
    - or skip the certificate checks and just use a secure channel?

    Thanks for any hints! :-)


    Long version of the error:

    Code:
    javax.naming.CommunicationException: simple bind failed: ldap.example.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    	at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
    	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
    	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
    	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    	at javax.naming.InitialContext.init(InitialContext.java:223)
    	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    	at com.zimbra.cs.account.ldap.LdapUtil.getDirContext(LdapUtil.java:239)
    	at com.zimbra.cs.account.ldap.LdapUtil.searchLdapGal(LdapUtil.java:845)
    	at com.zimbra.cs.account.ldap.Check.checkGalConfig(Check.java:187)
    	at com.zimbra.cs.service.admin.CheckGalConfig.handle(CheckGalConfig.java:57)
    	at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:270)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:168)
    	at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:90)
    	at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:223)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
    	at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:162)
    	at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:667)
    	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    	at java.lang.Thread.run(Thread.java:595)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
    	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
    	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
    	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
    	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
    	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
    	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
    	at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
    	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
    	at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
    	at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
    	at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
    	... 36 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
    	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
    	at sun.security.validator.Validator.validate(Validator.java:203)
    	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
    	at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
    	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
    	... 48 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
    	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
    	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
    	... 53 more

  2. #2

    I solved this issue by buying a cert from Thawte.

  3. #3

    Originally posted by tigger:
        I solved this issue by buying a cert from Thawte.

    I wonder if that could always be the solution for this problem, but one thing is clear: that particular error requires a valid cert.
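
Added example (not part of the original thread): the first question in the opening post, trusting one self-signed certificate rather than skipping validation, reproduced offline with `openssl` and `keytool`. The two certificates, the `ldap-gal` alias, the scratch truststore and its password are constructed for the demonstration; the real truststore path on the mail server is site-specific and not given in the thread.

```shell
#!/bin/sh
# Added example. Certificates are constructed locally; nothing is fetched.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# make_selfsigned NAME CN: constructed stand-in for a self-signed server cert.
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# chain_ok ANCHORS CERT: succeeds only if a path from CERT to one of the
# trust anchors in ANCHORS can be built (what PKIX path building checks).
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# fingerprint CERT: SHA-256 fingerprint, to compare with the value the LDAP
# server's operator gives you out of band before you trust the file.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# import_into_truststore CERT STORE PASS: add CERT as a trusted entry.
# (JDK 5 keytool spells the command -import.)
import_into_truststore() {
  keytool -importcert -noprompt -alias ldap-gal -file "$1" \
    -keystore "$2" -storepass "$3" >/dev/null 2>&1
}

make_selfsigned ldap ldap.example.net        # the external LDAP server's cert
make_selfsigned other unrelated.example.org  # stands in for the existing anchors

# Against a real server the cert would come from:
#   openssl s_client -connect ldap.example.net:636 -showcerts </dev/null
if chain_ok "$WORK/other.crt" "$WORK/ldap.crt"; then
  echo "unexpected: cert already trusted"
else
  echo "before: no valid certification path (the error in the post)"
fi

echo "verify out of band: $(fingerprint "$WORK/ldap.crt")"

chain_ok "$WORK/ldap.crt" "$WORK/ldap.crt" && echo "after: path validates once the cert is an anchor"

# Scratch truststore here; on the mail server use the JVM's own truststore
# (site-specific path and password) and restart the service afterwards.
if command -v keytool >/dev/null 2>&1; then
  import_into_truststore "$WORK/ldap.crt" "$WORK/truststore.jks" changeit \
    && echo "imported into scratch truststore" || echo "keytool import failed"
fi
```

Importing the single certificate keeps validation on for the LDAPS connection: any other certificate presented on that host and port still fails path building.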
