How to avoid certificate exception: no subject alternate names present

This topic has 3 replies, 2 voices, and was last updated 1 year, 2 months ago by Jatinder Singh.


    I attempted an install of OpenDJ version 3.0 on a RHEL 7 server (with Java 1.8.0_251). During the install process (rpm), I selected no to SSL/TLS; however, when I started it up after the installation was complete, I ran into the following exception:

    Error reading configuration. Details:
    javax.naming.CommunicationException: simple bind failed: [Root
    exception is No subject alternative names present]

    Can someone explain to me why I am getting the above exception? Thank you for your time!


    So on my 2nd attempt at installing, I gave the proper FQDN and set yes to SSL/TLS to generate a self-signed cert. When I ran service opendj status, it said Running, so far so good; however, when I executed /opt/opendj/bin/status, which asked me for a user DN and its password, I still got the same cert exception as my earlier post describes. Maybe OpenDJ is running… and that exception is misleading somehow (I could be wrong on that assumption, of course). What proper test can I run in order to verify that OpenDJ is running safe and sound? I set the base DN entry, but it is empty now. I plan to import the schema from Oracle OUD into OpenDJ.

    So at the moment, I would like to know how to verify that this LDAP server is running. The ldapsearch command?


    Please bear with me. I wasn't sure how to edit my 1st or 2nd post, so I decided to create another post.

    I followed: to verify whether the OpenDJ instance I stood up is handling LDAP requests…

    I ran this cmd first:

    ./ldapsearch --hostname --port 636 --useSsl --trustAll --bindDN "cn=Directory Manager" --bindPassword password --baseDN "" --searchScope base "(objectclass=*)" 1.1

    Then I ran this cmd:

    ./ldapsearch --port 389 --baseDN "" --searchScope base "(&)" alive healthy

    Both returned an empty "dn:" response. I would like to know what this response means. Again, the current OpenDJ is empty (no LDAP schema has been imported yet).

     Jatinder Singh

    The exception generally means the value (host) you are using to access your LDAP server does not match the SAN hostnames (DNS entries) present in your certificate. You have to use the same FQDN you used to set up your Directory Server, and it must be resolvable.

    Did you check your access logs to see whether the BIND request was successful? If you were able to connect successfully but got an empty response, perhaps there's nothing in your DS? The status command will print the number of entries present.
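The reply above describes the hostname-versus-SAN check in general terms; the following Python block, added here as an illustration and not taken from the thread or from OpenDJ, mirrors how the JDK's `sun.security.util.HostnameChecker` decides. It is a simplified reimplementation, not the JDK code: certificates are represented in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns, and every certificate in it is constructed by hand. The point it makes is that the literal message "No subject alternative names present" comes from the JDK's IP-address branch, i.e. the client was given an IP literal as the host and the certificate carried no SAN extension at all; when the host is a DNS name, the JDK instead reports "No subject alternative DNS name matching … found" (SAN has DNS entries, none match) or "No name matching … found" (no DNS SAN entries and the CN fallback fails).

```python
"""Hostname verification in the style of the JDK's HostnameChecker.

Added example, not code from the forum thread or from OpenDJ. The logic is a
simplified mirror of sun.security.util.HostnameChecker; certificate dicts use
the shape returned by ssl.SSLSocket.getpeercert(). All certificates here are
constructed for the demonstration; the failure strings approximate the JDK's.
"""
import ipaddress
from typing import Optional


def is_ip_literal(host: str) -> bool:
    """True if `host` is an IPv4/IPv6 literal (brackets around IPv6 allowed)."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def _dns_label_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; a leading '*.' label matches exactly one label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        rest = pattern[2:]
        first, sep, host_rest = host.partition(".")
        return bool(sep) and first != "" and host_rest == rest and "*" not in rest
    return False


def _common_name(cert: dict) -> Optional[str]:
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None


def check_hostname(cert: dict, host: str) -> Optional[str]:
    """Return None when `host` matches `cert`, else a JDK-style failure message."""
    san = cert.get("subjectAltName")  # None when the extension is absent
    if is_ip_literal(host):
        # IP branch: only SAN iPAddress entries count, never the CN.
        if san is None:
            return "No subject alternative names present"
        want = ipaddress.ip_address(host.strip("[]"))
        for kind, value in san:
            if kind == "IP Address":
                try:
                    if ipaddress.ip_address(value) == want:
                        return None
                except ValueError:
                    continue
        return f"No subject alternative names matching IP address {host} found"
    # DNS branch: if any dNSName entries exist, the CN is not consulted.
    found_dns = False
    for kind, value in san or ():
        if kind == "DNS":
            found_dns = True
            if _dns_label_match(value, host):
                return None
    if found_dns:
        return f"No subject alternative DNS name matching {host} found."
    cn = _common_name(cert)  # legacy fallback for certs with no dNSName SAN
    if cn is not None and _dns_label_match(cn, host):
        return None
    return f"No name matching {host} found"


# Constructed certificates (not real), covering the three situations above.
CERT_NO_SAN = {"subject": ((("commonName", "ldap.example.com"),),)}
CERT_FQDN_SAN = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "ldap.example.com"),),
}
CERT_WITH_IP = {
    "subject": ((("commonName", "ldap.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("IP Address", "10.0.0.5")),
}


def demo() -> dict:
    """Run the representative host/cert combinations and collect the verdicts."""
    cases = {
        "no SAN, connect by IP": (CERT_NO_SAN, "10.0.0.5"),
        "no SAN, connect by CN": (CERT_NO_SAN, "ldap.example.com"),
        "no SAN, connect by localhost": (CERT_NO_SAN, "localhost"),
        "FQDN SAN, connect by FQDN": (CERT_FQDN_SAN, "LDAP.EXAMPLE.COM"),
        "FQDN SAN, connect by IP": (CERT_FQDN_SAN, "10.0.0.5"),
        "wildcard+IP SAN, connect by IP": (CERT_WITH_IP, "10.0.0.5"),
        "wildcard SAN, two labels deep": (CERT_WITH_IP, "a.b.example.com"),
    }
    return {name: check_hostname(c, h) for name, (c, h) in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:32s} -> {verdict or 'OK'}")
```

The practical check that follows from this: connect with the FQDN that appears as a `DNS:` entry in the server certificate's SAN, not with an IP address or `localhost`, or regenerate the certificate so that its SAN lists every name and address you intend to connect with. To see what the server actually presents (assuming OpenSSL 1.1.1 or later, which supports `-ext`), `openssl s_client -connect ldap.example.com:636 -servername ldap.example.com </dev/null 2>/dev/null | openssl x509 -noout -subject -ext subjectAltName` prints the subject and the SAN extension, or nothing for the extension if it is absent. On the ldapsearch question in the thread: a base-scope search of the root DSE with the attribute list `1.1` asks the server (per RFC 4511) to return no attributes, so a bare `dn:` line is a successful reply to that request, not evidence that the directory is empty.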


©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
