Scenario:
You've configured your server to connect to LDAPS and have imported the required LDAPS certificate into your Tomcat JVM keystore. When you open the JRS login page or attempt a login, the server side returns the following error, where {DOMAIN_NAME} is your LDAPS domain and {PORT} is its port:
Message: nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: simple bind failed: {DOMAIN_NAME}:{PORT} [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching {DOMAIN_NAME} found.]]
Description: The server encountered an unexpected condition that prevented it from fulfilling the request.
What can be done about this issue?
Solution:
The issue is caused by the certificate: the name the server connects to ({DOMAIN_NAME}) is not among the certificate's subject alternative DNS names.
This may be related to your Java version, since newer Java versions apply stricter hostname verification during the TLS handshake. There are some suggestions on how to avoid this problem:
https://www.ibm.com/support/pages/how-resolve-ldap-error-javasecuritycertcertificateexception-no-subject-alternative-dns-name-matching-ip-address-found
https://medium.com/@sajithekanayaka/solved-java-security-cert-certificateexception-no-subject-alternative-names-present-eec1669faf0d
One suggestion is to regenerate the certificate so that its subject alternative name (or its subject name) matches the hostname of the LDAP server. Another option is to add the following to Tomcat's JVM options: -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
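As an added example (not part of the original article or of JasperReports Server), the following Python script reproduces the check that fails in the handshake above: it fetches the LDAPS server certificate and applies the same rule Java's endpoint identification uses (SAN DNS entries when present, otherwise the subject CN, with a wildcard covering exactly one label), so you can see which names the certificate actually carries before regenerating it. The host, port and optional CA file are command-line arguments you supply; the sample certificate dict is constructed for the offline check.

```python
"""Inspect an LDAPS certificate and apply the hostname rule Java enforces."""
import socket
import ssl
import sys

# Constructed sample, shaped like the dict ssl.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "*.corp.example")),
}


def fetch_peer_cert(host, port=636, cafile=None, timeout=5.0):
    """Return the server certificate of host:port as an ssl.getpeercert() dict.

    Hostname checking is switched off so a mismatched certificate can still be
    inspected; chain validation stays on (cafile is the exported LDAPS CA or
    server certificate in PEM form, or None to use the system trust store).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _name_matches(pattern, hostname):
    """Case-insensitive match; a leading '*.' stands for exactly one label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and hostname.count(".") == pattern.count("."):
        return hostname.split(".", 1)[1] == pattern[2:]
    return False


def names_from_cert(cert):
    """Return (SAN DNS names, subject common names) from a getpeercert() dict."""
    dns = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]
    return dns, cns


def check_endpoint_identity(cert, hostname):
    """Java's rule: if SAN DNS entries exist only they count, else the CN.
    Returns (matched, names_that_were_checked)."""
    dns, cns = names_from_cert(cert)
    candidates = dns if dns else cns
    return any(_name_matches(n, hostname) for n in candidates), candidates


if __name__ == "__main__":
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    cert = fetch_peer_cert(host, port, cafile=sys.argv[3] if len(sys.argv) > 3 else None)
    ok, names = check_endpoint_identity(cert, host)
    print("names checked:", names, "->", "match" if ok else "NO MATCH (Java rejects)")
```

The JVM option quoted above turns this same check off inside the JNDI LDAP client, so the reissued certificate is the fix to prefer.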