geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alehx <haberl...@uwplatt.edu>
Subject Error: "unable to find valid certification path to requested target"
Date Thu, 16 Jul 2009 23:29:42 GMT

We are developing a web application that requires LDAP authentication to 1)
Determine if the user exists and his/her credentials are correct 2) to serve
the correct pages and privileges to authenticated users.

However, we have reached a road block. After implementing the security
realms, keystores, and web-specific deployment plans, we have been unable to
get past the authentication prompt for user credentials.

No matter what I have tried, the error message is always

ERROR [LDAPLoginModule] javax.naming.CommunicationException: simple bind
failed: my.ldap.server:636 [Root exception is
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target]

WARN  [log] AUTH FAILURE: user UserName

I followed the keytool directives for obtaining a valid certificate and
created a new certificate via the Geronimo console. I have also tried
importing a valid certificate manually buy copy/paste and changes to the
config.xml file.. all to no avail.

If the issue is the security realm, we have contacted the LDAP server
administrators and obtained the correct settings for our use. I have tried
creating an ldap security realm via the console and via the
geronimo-application.xml

I'm not sure if the issue is the server believes the certificate is invalid
or it cannot find a matching certificate after the LDAP server is contacted.

The keystore I am using is in the geronimo var/security/keystore directory
and also registered in the system wide java keystore (cacerts.)

If anyone could suggest some things to get geronimo to accept the
certificates in my keystore or to somehow link them so they will be of use
would be great.

Thanks
-- 
View this message in context: http://www.nabble.com/Error%3A-%22unable-to-find-valid-certification-path-to-requested-target%22-tp24526223s134p24526223.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.


Mime
View raw message