ERROR: "Unable to find valid certification path to requested target", while configuring LDAP with SSL on TIBCO Spotfire Server.

Article ID: KB0082451

Products: Spotfire Server
Versions: 7.0 and prior

Description

Description:
This article describes how to resolve the error "Unable to find valid certification path to requested target" when configuring LDAP with SSL (LDAPS) on TIBCO Spotfire Server. The error can appear when the server is restarted after LDAP has been configured to use SSL (LDAPS).
Symptoms:
TIBCO Spotfire Server fails to start, with the following entries in the log files (server.log and catalina.<date>.log):
 
----------------------------------------------------------------------------------------------------------------------------
ERROR 2015-12-17T12:07:59,553-0600 [*Initialization*] web.context.ContextLoader: Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapConfigFactory' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.spotfire.server.ldap.LdapConfigFactory]: Constructor threw exception; nested exception is com.spotfire.server.ServerInitializationException: Error initializing run-time properties for LDAP configuration 'LDAP_Config_Name'
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:285)
................ <removed>
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.spotfire.server.ldap.LdapConfigFactory]: Constructor threw exception; nested exception is com.spotfire.server.ServerInitializationException: Error initializing run-time properties for LDAP configuration 'LDAP_Config_Name'
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:163)
        ................ <removed>
... 28 more
Caused by: com.spotfire.server.ServerInitializationException: Error initializing run-time properties for LDAP configuration 'LDAP_Config_Name'
at com.spotfire.server.ldap.LdapConfigFactory.initReferencedLdapConfigs(LdapConfigFactory.java:190)
        ................ <removed>
... 30 more
Caused by: javax.naming.CommunicationException: simple bind failed: dspmppadlds.gatewayedi.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:219)
        ................ <removed>
... 37 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        ...............<removed>
... 52 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        ...............<removed>
... 65 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
.............<removed>
... 71 more
-------------------------------------------------------------------------------------------------------------------------

Cause:
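TIBCO Spotfire Server cannot trust the LDAP server certificate when connecting to the LDAP server over SSL (LDAPS): the Java keystore used by the server contains no certificate from which a valid certification path to the LDAP server certificate can be built.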

Resolution

Import the LDAP server certificate into the Spotfire Server keystore so that it is trusted.
 
------ Instructions to import LDAP Server certificate to Spotfire Server keystore --------
 
1). Get the LDAP server certificate and all intermediate certificates (if they exist) from the LDAP administrator. The domain root certificate along with the intermediate certificates will also work if the LDAP server certificate is signed by the domain root CA.
 
2). Import all of the above certificates into the Java keystore of the Spotfire Server with the following command. The default keystore is "<Server installation folder>\jdk\jre\lib\security\cacerts" and its password is "changeit".
   
   "<Server installation folder>\jdk\bin\keytool" -importcert -trustcacerts -alias LDAP_CERT -file ldap_cert_file_with_path -keystore "<Server installation folder>\jdk\jre\lib\security\cacerts" -storepass changeit
 
   Where:
   LDAP_CERT - The alias (name) under which the LDAP server certificate is stored in the keystore.
   ldap_cert_file_with_path - The LDAP server certificate file name with its complete path.
 
3). Restart the Spotfire server.
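
The import from step 2 applied to a whole certificate chain, as an added PowerShell example that is not part of the original article: it backs up the keystore, shows each certificate's fingerprints for comparison with the values supplied by the LDAP administrator, imports each file under its own alias, and lists the result. The C:\certs file names and the LDAP_ROOT_CA and LDAP_INTERMEDIATE_CA aliases are assumptions; run it before the restart in step 3.

```powershell
# Added example; adjust the placeholders before running from an elevated prompt.
$ServerHome = '<Server installation folder>'   # placeholder, as in the article
$Keytool    = "$ServerHome\jdk\bin\keytool.exe"
$Keystore   = "$ServerHome\jdk\jre\lib\security\cacerts"
$StorePass  = 'changeit'                       # default password per the article

# Hypothetical alias -> file mapping; one alias per certificate in the chain.
$Certs = [ordered]@{
    'LDAP_ROOT_CA'         = 'C:\certs\root_ca.cer'
    'LDAP_INTERMEDIATE_CA' = 'C:\certs\intermediate_ca.cer'
    'LDAP_CERT'            = 'C:\certs\ldap_server.cer'
}

# Keep a copy of the truststore so the change can be rolled back.
Copy-Item $Keystore "$Keystore.bak-$(Get-Date -Format yyyyMMddHHmmss)"

foreach ($alias in $Certs.Keys) {
    $file = $Certs[$alias]
    if (-not (Test-Path $file)) { throw "Certificate file not found: $file" }

    # Print owner, issuer, validity and fingerprints for an out-of-band check.
    & $Keytool -printcert -file $file
    if ($LASTEXITCODE -ne 0) { throw "Not a readable certificate: $file" }
    $answer = Read-Host "Do the fingerprints for '$alias' match the LDAP admin's values? (y/n)"
    if ($answer -ne 'y') { throw "Aborted before importing '$alias'" }

    # keytool exits non-zero when the alias does not exist yet.
    & $Keytool -list -alias $alias -keystore $Keystore -storepass $StorePass *> $null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Alias '$alias' is already in the keystore, skipping."
        continue
    }

    & $Keytool -importcert -trustcacerts -noprompt -alias $alias -file $file `
        -keystore $Keystore -storepass $StorePass
    if ($LASTEXITCODE -ne 0) { throw "Import failed for '$alias'" }
}

# Confirm what is now trusted under each alias.
foreach ($alias in $Certs.Keys) {
    & $Keytool -list -v -alias $alias -keystore $Keystore -storepass $StorePass |
        Select-String 'Alias name|Owner|Issuer|Valid from'
}
```

If the server still fails to start with the same PKIX error, compare the Issuer of the imported LDAP certificate with the Owner lines listed above to see which link of the chain is missing.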

Additional Information

1). Chapter "Configuring LDAPS" in the Spotfire Server Installation manual (https://docs.tibco.com/pub/spotfire_server/7.0.0/doc/pdf/TIB_sfire_server_7.0.0_installation.pdf).