grouper-users - Re: [grouper-users] LDAP over SSL error - CertificateException
Subject: Grouper Users - Open Discussion List
- From: "Hyzer, Chris" <>
- To: " Mailing List" <>, Al Lilianstrom <>
- Subject: Re: [grouper-users] LDAP over SSL error - CertificateException
- Date: Mon, 15 Feb 2021 14:58:44 +0000
Are you on Slack to discuss this? 🙂
(ask to join incommon-grouper slack): https://incommon.org/help/
can you try in grouper-loader.properties (or database config):
ldap.fsLdap.referral = follow
or
maybe we need to add all the certs into java as trusted... hmmm
From: <> on behalf of Al Lilianstrom <>
Sent: Monday, February 15, 2021 9:21 AM
To: Mailing List <>
Subject: [grouper-users] LDAP over SSL error - CertificateException
New to grouper. Running 2.5.41 in one container. Postgres and Shibboleth in separate containers. ADLDS over plain LDAP for the subject database.
All good.
Adding an AD domain over SSL to grouper. Trying to use the domain name for the connection as we do with other apps.
From grouper-loader.properties
ldap.fsLdap.configFileFromClasspath = ldap.fsLdap.properties
ldap.fsLdap.user = CN=dirm,OU=FSA,DC=fs,DC=fnal,DC=gov
ldap.fsLdap.pass = NotIt
ldap.fsLdap.properties
org.ldaptive.ldapUrl=ldaps://fs.fnal.gov/
org.ldaptive.useStartTLS=false
org.ldaptive.useSSL=true
org.ldaptive.credentialConfig=org.ldaptive.ssl.KeyStoreCredentialConfig{{trustStore=file:/opt/grouper/grouperWebapp/WEB-INF/classes/fs.ks}{trustStorePassword=NotIt}}
Getting the following error in the web interface when testing the connection (under Miscellaneous | External systems)
CertificateException: Hostname '[fs.fnal.gov]' does not match the hostname in the server's certificate ''
The domain name is in the certificate as a Subject Alternative Name
DNS Name=DC1.fs.fnal.gov
DNS Name=fs.fnal.gov
DNS Name=FS
If I disable SSL the test is successful. Or if I switch to a single DC.
org.ldaptive.ldapUrl=ldaps://dc1.fs.fnal.gov/
org.ldaptive.useStartTLS=false
org.ldaptive.useSSL=true
org.ldaptive.credentialConfig=org.ldaptive.ssl.KeyStoreCredentialConfig{{trustStore=file:/opt/grouper/grouperWebapp/WEB-INF/classes/fs.ks}{trustStorePassword=NotIt}}
Any thoughts on getting this to work?
--
Al Lilianstrom
Authentication Services
Fermi National Accelerator Laboratory
www.fnal.gov
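
Added example, not part of the original thread and not Grouper or ldaptive code: an AD domain name such as fs.fnal.gov resolves to every domain controller, so an ldaps:// URL that uses it can land on any of them, and each DC's certificate has to cover that name. The sketch below checks a per-DC list of SAN DNS names against the name in the URL using simplified RFC 6125 matching; only dc1's SAN list is taken from the post, while dc2, dc3 and their SAN lists are constructed.

```python
# Added example. Only dc1's SAN list comes from the post; dc2 and dc3 are constructed.
DC_SANS = {
    "dc1": ["DC1.fs.fnal.gov", "fs.fnal.gov", "FS"],   # as quoted in the post
    "dc2": ["DC2.fs.fnal.gov"],                        # constructed: host name only
    "dc3": ["*.fs.fnal.gov"],                          # constructed: wildcard only
}


def dns_name_matches(pattern, hostname):
    """Case-insensitive match of one SAN dNSName against the name the client dialled.

    Simplified RFC 6125 rules: a wildcard is honoured only as the entire
    left-most label and stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.gov" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def audit(url_host, dc_sans):
    """Map each DC to True/False: does its certificate cover url_host?"""
    return {dc: any(dns_name_matches(s, url_host) for s in sans)
            for dc, sans in dc_sans.items()}


def failing_dcs(url_host, dc_sans):
    """DCs whose certificate would fail hostname verification for url_host."""
    return sorted(dc for dc, ok in audit(url_host, dc_sans).items() if not ok)


if __name__ == "__main__":
    for host in ("fs.fnal.gov", "dc1.fs.fnal.gov"):
        print(host, "->", failing_dcs(host, DC_SANS) or "all DCs match")
```

To use it on a real domain, fill DC_SANS from the certificate each DC actually presents on the LDAPS port. Note that the wildcard entry does not cover the bare domain name, because a wildcard stands for exactly one label.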