SSL authentication error connecting to LDAP server in MetaMatrix

Solution Verified

Issue

  • SSL authentication failure when attempting to log in
  • Error in mmprocess.log similar to:
    ERROR <com.metamatrix.core|0> simple bind failed: server:port
    javax.naming.CommunicationException: simple bind failed: server:port [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
         at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
         at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2658)
         at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
         at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
         at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
         at javax.naming.InitialContext.init(InitialContext.java:223)
         at javax.naming.InitialContext.<init>(InitialContext.java:197)
         at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
         at com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain.getAdminContext(LDAPMembershipDomain.java:342)
         at com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain.getGroupNames(LDAPMembershipDomain.java:327)
         at com.metamatrix.platform.security.membership.service.MembershipServiceImpl.getGroupsForDomain(MembershipServiceImpl.java:619)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.metamatrix.platform.service.proxy.SingleInvokationProxy.invoke(SingleInvokationProxy.java:55)
         at $Proxy0.getGroupsForDomain(Unknown Source)
         at com.metamatrix.platform.admin.apiimpl.MembershipAdminAPIImpl.getGroupsForDomain(MembershipAdminAPIImpl.java:75)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.metamatrix.core.proxy.ServiceInvocation.invokeOn(ServiceInvocation.java:91)
         at com.metamatrix.core.proxy.DefaultTerminalServiceInterceptor.invoke(DefaultTerminalServiceInterceptor.java:29)
         at com.metamatrix.core.proxy.SecureTerminalServiceInterceptor.invoke(SecureTerminalServiceInterceptor.java:45)
         at com.metamatrix.core.proxy.ServiceInvocation.invokeNext(ServiceInvocation.java:87)
         at com.metamatrix.core.proxy.ServerSecurityServiceInterceptor.invoke(ServerSecurityServiceInterceptor.java:23)
         at com.metamatrix.core.proxy.ServiceInvocation.invokeNext(ServiceInvocation.java:87)
         at com.metamatrix.common.comm.platform.server.MessageServiceAgent.receiveLocal(MessageServiceAgent.java:90)
         at com.metamatrix.common.comm.platform.server.MessageServiceAgent.receive(MessageServiceAgent.java:109)
         at com.metamatrix.common.comm.platform.server.MessageFilterServiceAgent.receive(MessageFilterServiceAgent.java:99)
         at com.metamatrix.platform.admin.apiimpl.RuntimeStateListenerAgent.receive(RuntimeStateListenerAgent.java:103)
         at com.metamatrix.common.comm.platform.socket.SocketVMController.receive(SocketVMController.java:409)
         at com.metamatrix.common.comm.platform.socket.server.ServerSynchronousWorkItem.process(ServerSynchronousWorkItem.java:36)
         at com.metamatrix.common.comm.platform.socket.server.SocketServerWorker.process(SocketServerWorker.java:41)
         at com.metamatrix.common.queue.QueueWorker.run(QueueWorker.java:64)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:393)
         at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
         at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
         ... 39 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
         at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
         at sun.security.validator.Validator.validate(Validator.java:218)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
         ... 51 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
         at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
         ... 57 more
    

Environment

  • MetaMatrix Enterprise Server 5.5.4
  • LDAP Membership Domain Provider utilizing SSL
