geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jarek Gawor <>
Subject Re: Error: "unable to find valid certification path to requested target"
Date Fri, 17 Jul 2009 02:50:20 GMT
I would recommend reading/looking at
and enabling SSL debugging. That should tell you what exactly is
going, which keystore is being used, etc.

I agree with David that probably the client doesn't recognize/trust
the ldap server's certificate. You'll need to import it into the right

I'm pretty sure you will need to import the ldap server's cert into
your JVM keystore (cacert) since by default that's what used for
outbound connections. If you import it into Geronimo's keystore you
will need to set the following properties when starting the server:$GERONIMO_HOME/var/security/keystores/geronimo-default


On Thu, Jul 16, 2009 at 5:08 PM, alehx<> wrote:
> I have searched google and the geronimo knowledge base far and wide and have
> not been able to come up with a solution to my issue.
> We are developing a web application that requires LDAP authentication to 1)
> Determine if the user exists and his/her credentials are correct 2) to serve
> the correct pages and privileges to authenticated users.
> However, we have reached a road block. After implementing the security
> realms, keystores, and web-specific deployment plans, we have been unable to
> get past the authentication prompt for user credentials.
> No matter what I have tried, the error message is always
> ERROR [LDAPLoginModule] javax.naming.CommunicationException: simple bind
> failed: my.ldap.server:636 [Root exception is
> PKIX path building failed:
> unable to find
> valid certification path to requested target]
> WARN  [log] AUTH FAILURE: user UserName
> I followed the keytool directives for obtaining a valid certificate and
> created a new certificate via the Geronimo console. I have also tried
> importing a valid certificate manually buy copy/paste and changes to the
> config.xml file.. all to no avail.
> If the issue is the security realm, we have contacted the LDAP server
> administrators and obtained the correct settings for our use. I have tried
> creating a server via the console and via the geronimo-application.xml
> I'm not sure if the issue is the server believes the certificate is invalid
> or it cannot find a matching certificate after the LDAP server is contacted.
> The keystore I am using is in the geronimo var/security/keystore directory
> and also registered in the system wide java keystore (cacerts.)
> If anyone could suggest some things to get geronimo to accept the
> certificates in my keystore or to somehow link them so they will be of use
> would be great.
> Thanks
> --
> View this message in context:
> Sent from the Apache Geronimo - Dev mailing list archive at

View raw message