Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] grouper subject engine LDAP cert errors

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] grouper subject engine LDAP cert errors


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: Liam Hoekenga <>, "" <>
  • Subject: RE: [grouper-users] grouper subject engine LDAP cert errors
  • Date: Wed, 31 Jan 2018 20:06:10 +0000
  • Accept-language: en-US
  • Authentication-results: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:I81TPhdzT+ziHGOss8E8tG+MlGMj4u6mDksu8pMizoh2WeGdxc26YhyN2/xhgRfzUJnB7Loc0qyK6/mmATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfa5+IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4rx1QxH0ligIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNgHR2ROQ9xRWjRBDI2icoUPE+QPM+VWr4b/plsBsRSxCBK2C+/z1jNFnGP60bE43uknDArI3BYgH9ULsHnMotn7NqcTUOGrw6nS1TnIcu1b2Tfn6IjJaRAtr+yHULV1ccXNyUkuFwLEgUuKqYH+PjOVzfgCv3KG7+p4S+2vjWgnpxtvrTey28chk4/EjZ8bxFDD8CV22oc1JdugRU5mZN6kEYdftyGAO4RoX8wiXnlkuCQgxb0Yo5G6czIGyJI5yB7DbfGMbouG4gr7WeqPOzh0mG9pdbeiixqv7EStz+P8W8ao3FpWqydIkMfDu38M2hHW78WLVOdx80e51TqS2Q3f9vtILEQpmabBNZIt37o9moAOvUnBHyL6gEv2g7GVe0k4/+Wl7uDqbaj4qpKdMoJ5iBrxP6swlcG6Bek0LwYOUHKe9Omz27Dj80L0TbNXhfMsiKbZqorVJcEDq665HQBV1oEj5g6nATq619oUgWcLIEtYdRyBkYTlIlbOL+vmAvulhFSsjStryOvBPr38BJXCM2LPkK/7fbZ6905T1hY8zcxe55JTDLENOvXzWlLttNzcCR85NA+0z/z7B9V604MSQWOPAqmHP6POqVKE+PggL/WRaIIQpTrxNuUp6vvgjXI2hVMRYayk0JkJZ323H/lrJkCUbWTwjtoBCWsKuxAxTO3uiF2MSz5TYHOyUro55j4nCIKnDYbCSZ63gLGa3Se7BYFZanpbClCUD3jocYOEV+0SZy2PP89tiiYEWqS5S489yRGusxf3y7V9LurT5y0YrYzs1MJs6+3OjhE96yZ0D9+G3mGJTmF0hX8IRyQo0KxloEx9zEuD3rZig/xeC9NT++1FXh0kOpHB0uwpQ+z1DybAd9LBaFGrQdigDjh5GtYwytoUS1t4Gt6iyB3PwnzuS/UajbuWHJEut7/H0mLqD8d713vc0qQ91R8rTtYFfTmpnKli7wXJQpPSnl+Cv6esaakG2iPRriGOwXfY729CVwslG4XUT30FIgP9rc74/QmKG7qlCaU1PxFpyNWJbLZSZ9vvy1hKWaGwa5zlf2utljLoVl6zzbSWYd+vIj1F0Q==
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

You could revert those two patches and see if you can connect, I have a feeling you wont be able to since its unrelated, but please let me know.

 

Was the cert changed recently or the java version or something?

 

Thanks

Chris

 

From: [mailto:] On Behalf Of Liam Hoekenga
Sent: Wednesday, January 31, 2018 3:02 PM
To:
Subject: [grouper-users] grouper subject engine LDAP cert errors

 

I just installed API patches 90 and 91, and now I can't connect to the LDAP server defined in my subject.properties. 

 

The logs say...

2018-01-31 14:40:51,016: [localhost-startStop-1] ERROR DefaultLdapFactory.create(109) -  - unabled to connect to the ldap

javax.naming.CommunicationException: simple bind failed: mcqa-vault2.dsc.umich.edu:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Hostname '[mcqa-vault2.dsc.umich.edu]' does not match the hostname in the server's certificate]

 

Seems straightforward enough... but...

I've checked the cert's CN using "openssl s_client", and it's a match.

I've verified that the CA cert for our institutional CA that signed the cert is in the javax.net.ssl.trustStore being used for Tomcat.

 

Any ideas?

 

Liam


Archive powered by MHonArc 2.6.19.

Top of Page