Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] LDAP over SSL error - CertificateException

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] LDAP over SSL error - CertificateException

Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: " Mailing List" <>, Al Lilianstrom <>
  • Subject: Re: [grouper-users] LDAP over SSL error - CertificateException
  • Date: Mon, 15 Feb 2021 14:58:44 +0000
  • Arc-authentication-results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aU0NRvIBoYwHCWbQBncpXr375xSPHTjFs6BD1mDouPo=; b=MoI+Rxl+/ELkcS3oFXqYKFD+gctip8ppW+6w30Rp8mRBqc1GZFvH7kxF2oNKS1ruTPuNyaS41Ne4sDYt9Zu57F1XeuDW5AImSuET2+eQdaBmy95XEkpR/jsiZtMomGEK7Tn+0Tf2VP2Jg3DO3ZkfhJHcL0emBdyucATs9eEExjS7bIwxSAHMH05YNcpuYwp7IVtxLecESVGBZVuHUinoKUlSCxqN0Mfi9yjwneMlDlvujoGRodBqIHMqNmNKwLZXuS6x2hmujiYNY85hLz5OQDZCho0/y4DoNd+IQkQr6dKmgpkIldRGI2BArP9b3+am+Vb+5Dx7iYaEVPaKtoWYqw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=LBGkH3nA43cweo1OTVXHCdAOweFYwmR99cCziuZ8MeXbYBRE/QwdTNJubOrfmp20D25YyDI4y0jbMqgTXsdWP1AhT0uwkbUtGMZqBAkxYz4hSUZ2A9L0jNPitSlAyQ+5GLHXi9+IDttm+iXNEG4JyP/0Zpdyvtta9TjKXUB4b2t/LQGNjHiMLVOfho2wQJtf2ev3PWloyxZYhs9d3g1bdsxcDtDsRsL0C/zEo4V71LbkeYqp1Sk5/OtpN1CT1m0QqNOqzuRFrDHC4WwJmYQsJvaEjiYB9GqtN9CVD/GdA0TUiKR1kbYf+acswXoTIoaaPha8ykE6xKJp6ywX7e62Sg==

Are you slack to discuss this?  🙂

(ask to join incommon-grouper slack):

can you try in (or database config):

ldap.fsLdap.referral = follow

or maybe we need to add all the certs into java as trusted... hmmm

From: <> on behalf of Al Lilianstrom <>
Sent: Monday, February 15, 2021 9:21 AM
To: Mailing List <>
Subject: [grouper-users] LDAP over SSL error - CertificateException
New to grouper. Running 2.5.41 in one container. Postgres and Shibboleth in separate containers. ADLDS over plain LDAP for the subject database.

All good.

Adding a AD domain over SSL to grouper. Trying to use the domain name for the connection as we do with other apps.


ldap.fsLdap.configFileFromClasspath =
ldap.fsLdap.user = CN=dirm,OU=FSA,DC=fs,DC=fnal,DC=gov
ldap.fsLdap.pass = NotIt


Getting the following error in the web interface when testing the connection (under Miscellaneous | External systems)

CertificateException: Hostname '[]' does not match the hostname in the server's certificate ''

The domain name is in the certificate as a Subject Alternative Name


If I disable SSL the test is successful. Or if I switch to a single DC.


Any thoughts on getting this to work?

Al Lilianstrom
Authentication Services

Fermi National Accelerator Laboratory

Archive powered by MHonArc 2.6.24.

Top of Page