SSL authentication error connecting to LDAP server in MetaMatrix

Solution Verified - Updated -

Issue

  • SSL authentication failure when attempting to log in
  • Error in mmprocess.log similar to:
    ERROR <com.metamatrix.core|0> simple bind failed: server:port
    javax.naming.CommunicationException: simple bind failed: server:port [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
         at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
         at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2658)
         at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
         at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
         at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
         at javax.naming.InitialContext.init(InitialContext.java:223)
         at javax.naming.InitialContext.<init>(InitialContext.java:197)
         at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
         at com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain.getAdminContext(LDAPMembershipDomain.java:342)
         at com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain.getGroupNames(LDAPMembershipDomain.java:327)
         at com.metamatrix.platform.security.membership.service.MembershipServiceImpl.getGroupsForDomain(MembershipServiceImpl.java:619)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.metamatrix.platform.service.proxy.SingleInvokationProxy.invoke(SingleInvokationProxy.java:55)
         at $Proxy0.getGroupsForDomain(Unknown Source)
         at com.metamatrix.platform.admin.apiimpl.MembershipAdminAPIImpl.getGroupsForDomain(MembershipAdminAPIImpl.java:75)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at com.metamatrix.core.proxy.ServiceInvocation.invokeOn(ServiceInvocation.java:91)
         at com.metamatrix.core.proxy.DefaultTerminalServiceInterceptor.invoke(DefaultTerminalServiceInterceptor.java:29)
         at com.metamatrix.core.proxy.SecureTerminalServiceInterceptor.invoke(SecureTerminalServiceInterceptor.java:45)
         at com.metamatrix.core.proxy.ServiceInvocation.invokeNext(ServiceInvocation.java:87)
         at com.metamatrix.core.proxy.ServerSecurityServiceInterceptor.invoke(ServerSecurityServiceInterceptor.java:23)
         at com.metamatrix.core.proxy.ServiceInvocation.invokeNext(ServiceInvocation.java:87)
         at com.metamatrix.common.comm.platform.server.MessageServiceAgent.receiveLocal(MessageServiceAgent.java:90)
         at com.metamatrix.common.comm.platform.server.MessageServiceAgent.receive(MessageServiceAgent.java:109)
         at com.metamatrix.common.comm.platform.server.MessageFilterServiceAgent.receive(MessageFilterServiceAgent.java:99)
         at com.metamatrix.platform.admin.apiimpl.RuntimeStateListenerAgent.receive(RuntimeStateListenerAgent.java:103)
         at com.metamatrix.common.comm.platform.socket.SocketVMController.receive(SocketVMController.java:409)
         at com.metamatrix.common.comm.platform.socket.server.ServerSynchronousWorkItem.process(ServerSynchronousWorkItem.java:36)
         at com.metamatrix.common.comm.platform.socket.server.SocketServerWorker.process(SocketServerWorker.java:41)
         at com.metamatrix.common.queue.QueueWorker.run(QueueWorker.java:64)
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
         at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
         at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
         at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
         at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
         at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
         at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
         at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
         at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:393)
         at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
         at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
         ... 39 more
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
         at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
         at sun.security.validator.Validator.validate(Validator.java:218)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
         at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
         at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
         ... 51 more
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
         at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
         at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
         at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
         ... 57 more
    

Environment

  • MetaMatrix Enterprise Server 5.5.4
  • LDAP Membership Domain Provider utilizing SSL

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In