Monday, February 17, 2014

Simple bind failed: domain:port Root exception is javax.net.ssl.SSLHandshakeException ... PKIX path building failed

I have to explain this every so often. The error below is typical when you use self-signed certificates and have not added them to the Java keystore:
simple bind failed: domain:port Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
A good practice is to use the domain (and, if needed, the port) as the alias under which you add the certificate. That way you can easily find out whether a given cert is missing, and you can also see whether the cert actually corresponds to the intended domain:
$ /opt/jdk/bin/keytool -list -v -keystore  $JAVA_HOME/jre/lib/security/cacerts|grep sample.com
Enter keystore password:  ********
Alias name: service1.sample.com
Owner: CN=service1.sample.com, OU=IT, O=Sample, L=Miami, ST=Florida, C=US
Issuer: CN=service1.sample.com, OU=IT, O=Sample, L=Miami, ST=Florida, C=US
Alias name: service2.sample.com
Owner: CN=service2.sample.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)11, OU=GT52990491, O=service2.sample.com, C=US, SERIALNUMBER=mXKLdrX4UaRs2o6aqLNK3Rakjog/7peB
  DNSName: service2.sample.com
Alias name: service3.sample.com
Owner: EMAILADDRESS=admin@sample.com, CN=service3.sample.com, OU=Operations, O="Kaufman Rossin Fund Services, LLC", L=Miami, ST=FL, C=US
Issuer: EMAILADDRESS=admin@sample.com, CN=service3.sample.com, OU=Operations, O="Kaufman Rossin Fund Services, LLC", L=Miami, ST=FL, C=US
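
The alias convention above can be checked mechanically. The following is an added example, not part of the original post: it parses `keytool -list -v` output and reports, per entry, whether the alias matches the certificate's CN and whether the certificate is self-signed (Owner equals Issuer). The function names and the `example.test` listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `keytool -list -v` output on stdin and prints one
# tab-separated line per entry: alias, owner CN, alias/CN match, self-signed.
audit_listing() {
  awk '
    function cn(dn) {            # extract the CN= component of a DN
      if (match(dn, /CN=[^,]*/)) return substr(dn, RSTART + 3, RLENGTH - 3)
      return ""
    }
    function emit() {
      if (alias == "") return
      printf "%s\tcn=%s\talias_matches_cn=%s\tself_signed=%s\n", alias, cn(owner),
        (alias == cn(owner) ? "yes" : "no"),
        (owner != "" && owner == issuer ? "yes" : "no")
    }
    /^Alias name: / { emit(); alias = substr($0, 13); owner = ""; issuer = ""; next }
    /^Owner: /  { if (owner == "")  owner  = substr($0, 8) }   # first cert of the entry
    /^Issuer: / { if (issuer == "") issuer = substr($0, 9) }
    END { emit() }
  '
}

# Print the entry whose alias equals host $1; exit status 1 if no such alias.
check_host() {
  audit_listing | awk -F '\t' -v h="$1" '
    $1 == h { print; found = 1 }
    END { if (!found) { print h "\tMISSING"; exit 1 } }'
}

# Constructed sample listing (hypothetical hosts), trimmed to the relevant lines.
sample_listing() {
  cat <<'EOF'
Alias name: ldap.example.test
Owner: CN=ldap.example.test, OU=IT, O=Example, C=US
Issuer: CN=ldap.example.test, OU=IT, O=Example, C=US
Alias name: mail.example.test
Owner: CN=mail.example.test, O=Example, C=US
Issuer: CN=Example Issuing CA, O=Example, C=US
Alias name: sso.example.test
Owner: EMAILADDRESS=admin@example.test, CN=old-sso.example.test, O="Example, LLC", C=US
Issuer: EMAILADDRESS=admin@example.test, CN=old-sso.example.test, O="Example, LLC", C=US
EOF
}

sample_listing | audit_listing
```

Against a real keystore, pipe the full `keytool -list -v -keystore ...` output into `audit_listing` or `check_host <host>` instead of the sample.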
