grouper-users - [grouper-users] LDAP over SSL error - CertificateException
Subject: Grouper Users - Open Discussion List
List archive
- From: Al Lilianstrom <>
- To: " Mailing List" <>
- Subject: [grouper-users] LDAP over SSL error - CertificateException
- Date: Mon, 15 Feb 2021 14:21:06 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fnal.gov; dmarc=pass action=none header.from=fnal.gov; dkim=pass header.d=fnal.gov; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=frmBAU+Ib3gWHKDDPgyqGebNTOW5CeDmGaUKwWVbjUw=; b=EAxrw+KDUdi028C4aetzmFLZO/ZCofjGBp/pFGGLQXx0x+X+o8iX70cY8LTzohBVc4C7ZwZBho6yf7L3yz4CiN3fEUkiH+O9k7hW7/lZ5wdgeXo0CZn64QzoilFtUNBU+wAUpOzHXMRVz10Thup8v6AbzcnWeRfIrkQ+XmqhWF8Lw7tp2eLsc5vnr7K04MPz479oF7Kp3qOJT+u8d1vfLs1lOz7QHBDWNp5H2NcAyDB3/Daj1EA8Ol8KOi6pmngCVmKFNwD/lJmOqGmcEnKd4oaDR6FWcDm0MilMrKBXnGN5RACKmuYEoTNmwbGWOmsT0IjRyGa5pnX4SSdZg5cxsA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eCTad5wFd8/7xQ35JB8WvK3XW7XZSdHWsipzls8c5orOBXGed6zmMZwZywzUgz0soSQ5TaNxPqCBqVP7Pr89zHqa7ZYu2b9Uv+kfOWE+phmrvV1JfTAmawqb9ECnAUg74oDV89xOlHKovs5tdtmd8jcD5XyGW003eyyXY1FYnFwEHKMOnnlUZmo27Z1FsiJ25ANu8XEaXkSODofhpO5KnaonX6173NSwAXjIFTMPjs8G00ryDR0E0kicKz4bRKNC9nI70/jRc5se861fQv79DMRn+oEu2/RArxeUl9Wjxp1W8lwFqFXGWBnVCVpqMJAi1/0R3cmqQy8j6FrYiDA6Aw==
New to grouper. Running 2.5.41 in one container. Postgres and Shibboleth in
separate containers. ADLDS over plain LDAP for the subject database.
All good.
Adding a AD domain over SSL to grouper. Trying to use the domain name for the
connection as we do with other apps.
From grouper-loader.properties
ldap.fsLdap.configFileFromClasspath = ldap.fsLdap.properties
ldap.fsLdap.user = CN=dirm,OU=FSA,DC=fs,DC=fnal,DC=gov
ldap.fsLdap.pass = NotIt
ldap.fsLdap.properties
org.ldaptive.ldapUrl=ldaps://fs.fnal.gov/
org.ldaptive.useStartTLS=false
org.ldaptive.useSSL=true
org.ldaptive.credentialConfig=org.ldaptive.ssl.KeyStoreCredentialConfig{{trustStore=file:/opt/grouper/grouperWebapp/WEB-INF/classes/fs.ks}{trustStorePassword=NotIt}}
Getting the following error in the web interface when testing the connection
(under Miscellaneous | External systems)
CertificateException: Hostname '[fs.fnal.gov]' does not match the hostname in
the server's certificate ''
The domain name is in the certificate as a Subject Alternative Name
DNS Name=DC1.fs.fnal.gov
DNS Name=fs.fnal.gov
DNS Name=FS
If I disable SSL the test is successful. Or if I switch to a single DC.
org.ldaptive.ldapUrl=ldaps://dc1.fs.fnal.gov/
org.ldaptive.useStartTLS=false
org.ldaptive.useSSL=true
org.ldaptive.credentialConfig=org.ldaptive.ssl.KeyStoreCredentialConfig{{trustStore=file:/opt/grouper/grouperWebapp/WEB-INF/classes/fs.ks}{trustStorePassword=NotIt}}
Any thoughts on getting this to work?
--
Al Lilianstrom
Authentication Services
Fermi National Accelerator Laboratory
www.fnal.gov
- [grouper-users] LDAP over SSL error - CertificateException, Al Lilianstrom, 02/15/2021
- Re: [grouper-users] LDAP over SSL error - CertificateException, Hyzer, Chris, 02/15/2021
- Re: [grouper-users] LDAP over SSL error - CertificateException, Al Lilianstrom, 02/15/2021
- Re: [grouper-users] LDAP over SSL error - CertificateException, Hyzer, Chris, 02/15/2021
Archive powered by MHonArc 2.6.24.