
grouper-users - [grouper-users] grouper subject engine LDAP cert errors

Subject: Grouper Users - Open Discussion List



  • From: Liam Hoekenga <>
  • To:
  • Subject: [grouper-users] grouper subject engine LDAP cert errors
  • Date: Wed, 31 Jan 2018 14:02:01 -0600

I just installed API patches 90 and 91, and now I can't connect to the LDAP server defined in my subject.properties. 

The logs say...
2018-01-31 14:40:51,016: [localhost-startStop-1] ERROR DefaultLdapFactory.create(109) -  - unabled to connect to the ldap
javax.naming.CommunicationException: simple bind failed: mcqa-vault2.dsc.umich.edu:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Hostname '[mcqa-vault2.dsc.umich.edu]' does not match the hostname in the server's certificate]

Seems straightforward enough... but...
I've checked the cert's CN using "openssl s_client", and it's a match.
I've verified that the CA cert for our institutional CA that signed the cert is in the javax.net.ssl.trustStore being used for Tomcat.

Any ideas?

Liam
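
A host name check of the kind the error above reports, as an added example that is not part of the original post and is not Grouper's or its LDAP library's code. It follows the RFC 2818 / RFC 6125 rule that subjectAltName DNS entries, when present, are checked instead of the CN, so a CN comparison alone does not show what such a verifier sees. The certificate dicts are constructed in the shape Python's `getpeercert()` returns, and the alternate names in them are hypothetical.

```python
"""Added example: RFC 2818 / RFC 6125 style host name check (not Grouper's code)."""


def _label_match(pattern: str, host: str) -> bool:
    """Compare one presented DNS name with the host; '*' may only be the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs at least two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def presented_names(cert: dict) -> tuple[str, list[str]]:
    """Return (source, names): SAN dNSName entries if any exist, otherwise the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return "subjectAltName", sans
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return "commonName", cns


def verify_hostname(cert: dict, host: str) -> tuple[bool, str, list[str]]:
    """Return (matched, which field was checked, the names that were compared)."""
    source, names = presented_names(cert)
    return any(_label_match(n, host) for n in names), source, names


HOST = "mcqa-vault2.dsc.umich.edu"  # host name from the log line above

# Constructed certificates in ssl.SSLSocket.getpeercert() dict form.
CN_ONLY = {"subject": ((("commonName", HOST),),)}
CN_PLUS_OTHER_SAN = {
    "subject": ((("commonName", HOST),),),
    "subjectAltName": (("DNS", "ldap.example.edu"),),  # hypothetical alternate name
}
WILDCARD_SAN = {
    "subject": ((("commonName", "unused.example.edu"),),),
    "subjectAltName": (("DNS", "*.dsc.umich.edu"),),  # hypothetical wildcard entry
}

if __name__ == "__main__":
    for label, cert in [("CN only", CN_ONLY), ("CN + other SAN", CN_PLUS_OTHER_SAN),
                        ("wildcard SAN", WILDCARD_SAN)]:
        ok, source, names = verify_hostname(cert, HOST)
        print(f"{label:15} match={ok} checked {source}: {names}")
```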


