
grouper-users - RE: [grouper-users] Cert trust, subject lookup vs grouper loader

Subject: Grouper Users - Open Discussion List

  • From: "Hyzer, Chris" <>
  • To: Darren Boss <>, "" <>
  • Subject: RE: [grouper-users] Cert trust, subject lookup vs grouper loader
  • Date: Tue, 12 Dec 2017 19:30:52 +0000

Yes, uses jvm cert.  Does this link apply to you?  Maybe set debug logging on vt-ldap and see what it says?  Was the cert recently upgraded?

https://issues.shibboleth.net/jira/si/jira.issueviews:issue-html/SC-181/SC-181.html

Maybe add cert to java jvm…

Get the cert:

openssl s_client -connect u.r.l:port </dev/null > cert.pem

openssl x509 -in cert.pem -out cert.der -outform DER

chmod +w "$JAVA_HOME/jre/lib/security/cacerts"

"$JAVA_HOME/bin/keytool" -import -keystore "$JAVA_HOME/jre/lib/security/cacerts" -file cert.der -alias CERT_ALIAS

chmod -w "$JAVA_HOME/jre/lib/security/cacerts"

Does it help?

 

From: [mailto:] On Behalf Of Darren Boss
Sent: Tuesday, December 12, 2017 1:02 PM
To:
Subject: [grouper-users] Cert trust, subject lookup vs grouper loader

 

I'm having a strange issue where I'm getting "does not match the hostname in the server's certificate" for grouper loader jobs while at the same time I'm using the very same ldap replica in my sources.xml file and subject lookup is working just fine.

I can't find much information about ldaps certificate trust configuration in the wiki or by searching the mailing list history.

For our ldap replica we are currently using commercial certs and a wildcard cert although we are planning on switching to internal ca signed certs in the near future.

Does grouper loader rely on the jvm ca bundle for certificate trust? Why is the subject ldap connection working while the loader job is failing?

--

Darren Boss

Senior Programmer/Analyst
Programmeur-analyste principal

(o) 416.228.1234 x230

(c) 919.525.0083


155 University Ave, Suite 302 Toronto, ON M5H 3B7
www.computecanada.ca / www.calculcanada.ca 
@ComputeCanada 
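
Added example, not part of the original messages and not Grouper or vt-ldap code: the error quoted in the thread comes from the hostname check, which is a separate test from trusting the certificate's issuer, so one useful diagnostic is to compare every host name used in the LDAP configs against the names in the certificate. The sketch applies the common RFC 6125 wildcard rule to a constructed SAN list; `SAMPLE_SANS`, the `example.org` names and all function names are assumptions, and a given LDAP library may implement the rule slightly differently.

```python
import ipaddress

# Constructed sample: dNSName SAN entries of a wildcard certificate.
SAMPLE_SANS = ["*.example.org", "example.org"]


def _is_ip(name: str) -> bool:
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate dNSName against the name the client connected to."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard must be the whole leftmost label, above at least two fixed labels.
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h


def matching_name(hostname: str, san_dns_names, subject_cn=None):
    """Return the certificate name that covers hostname, or None on mismatch."""
    if _is_ip(hostname):
        return None  # an IP literal needs an iPAddress SAN, not a dNSName
    # The subject CN is only a fallback when the cert has no dNSName SAN at all.
    candidates = list(san_dns_names) or ([subject_cn] if subject_cn else [])
    for name in candidates:
        if dns_name_matches(name, hostname):
            return name
    return None


def audit(hostnames, san_dns_names, subject_cn=None):
    """Map each configured LDAP host name to the covering cert name (or None)."""
    return {h: matching_name(h, san_dns_names, subject_cn) for h in hostnames}


if __name__ == "__main__":
    configured = ["ldap1.example.org", "ldap1.dc.example.org", "ldap1", "192.0.2.10"]
    for host, name in audit(configured, SAMPLE_SANS).items():
        print(f"{host:24} -> {name or 'MISMATCH'}")
```

Feed `audit` the host names from each LDAP URL in use and the dNSName entries printed by `openssl x509 -in cert.pem -noout -text`; any host mapped to `None` would fail the hostname check even when the certificate is trusted.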



