Tagged: CertificateException
May 14, 2020 at 7:13 pm #27932
dae
Participant
I attempted an install of OpenDJ version 3.0 on a RHEL 7 server (having Java 1.8.0_251). During the install process (rpm), I selected no to SSL/TLS; however, when I started it up after installation was complete, I ran into the following exception:
Error reading configuration. Details: javax.naming.CommunicationException: simple bind failed: 0.0.0.0:4444 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present]
Can someone explain to me why I am getting the ^ exception? Thank you for your time!
May 14, 2020 at 8:11 pm #27933
dae
Participant
So on my 2nd attempt at the install, I gave a proper FQDN and set yes to SSL/TLS to generate a self-signed cert. When I ran
service opendj status
it says Running. So far so good; however, when I executed
/opt/opendj/bin/status
which asked me for a user DN and its password, I still got the same cert exception as the earlier post describes. Maybe OpenDJ is running… and that exception is misleading somehow (I could be wrong on that assumption, of course). What proper test can I run in order to verify OpenDJ is running safe and sound? I set a base DN entry but it is empty now. I plan to import the schema from Oracle OUD into OpenDJ. So atm, I would like to know how to verify this LDAP server is running. An ldapsearch cmd?
May 14, 2020 at 10:09 pm #27934
dae
Participant
Please bear with me. I wasn’t sure how to edit my 1st or 2nd post, so I decided to create another post.
I followed: https://backstage.forgerock.com/knowledge/kb/article/a54816700 to verify whether the OpenDJ I stood up is handling LDAP requests…
I ran this cmd first:
./ldapsearch --hostname foo.domain.com --port 636 --useSsl --trustAll --bindDN "cn=Directory Manager" --bindPassword password --baseDN "" --searchScope base "(objectclass=*)" 1.1
dn:
Then I ran this cmd:
./ldapsearch --port 389 --baseDN "" --searchScope base "(&)" alive healthy
dn:
Both returned an empty
dn:
response. I would like to know what this response means. Again, the current OpenDJ is empty (no LDAP schema is imported yet).
May 15, 2020 at 9:25 pm #27941
Jatinder Singh
Participant
The exception generally means the value (host) you are using to access your LDAP server does not match the SAN hostnames (DNS entries) present in your certificate. You have to use the same FQDN you used to set up your Directory Server, and it has to be resolvable.
Did you check your access logs to see if the BIND request was successful? If you were able to connect successfully but got an empty response, perhaps there’s nothing in your DS? The status will print the # of entries present.
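Added example (not part of the thread and not OpenDJ or JDK code): a simplified Python model of the endpoint identity check a Java TLS client applies to the server certificate, showing why a connection addressed to an IP such as 0.0.0.0 yields the exact message from the first post while the FQDN can still match. The certificates are constructed sample data, the function names are hypothetical, and wildcard handling is reduced to the whole left-most label.

```python
import ipaddress

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_match(host, pattern):
    # Simplification: '*' is honoured only as the entire left-most label.
    h, p = host.lower().split("."), pattern.lower().split(".")
    if len(h) != len(p):
        return False
    return h[1:] == p[1:] and (p[0] == "*" or h[0] == p[0])

def check_identity(host, san, cn):
    """san: list of ("DNS" | "IP", value), or None if the cert has no SAN
    extension. Returns (ok, reason)."""
    if is_ip(host):
        # IP targets are compared only against SAN IP entries; no CN fallback.
        if san is None:
            return False, "No subject alternative names present"
        want = ipaddress.ip_address(host)
        if any(k == "IP" and ipaddress.ip_address(v) == want for k, v in san):
            return True, "matched SAN IP entry"
        return False, f"No subject alternative names matching IP address {host} found"
    dns = [v for k, v in (san or []) if k == "DNS"]
    if dns:
        # Once SAN DNS entries exist, the CN is no longer consulted.
        if any(dns_match(host, v) for v in dns):
            return True, "matched SAN DNS entry"
        return False, f"No subject alternative DNS name matching {host} found."
    if cn and dns_match(host, cn):
        return True, "matched subject CN (no SAN DNS entries)"
    return False, f"No name matching {host} found"

if __name__ == "__main__":
    # Constructed certificates: one with only a CN, one with SAN entries.
    cn_only = dict(san=None, cn="foo.domain.com")
    with_san = dict(san=[("DNS", "foo.domain.com"), ("IP", "10.0.0.5")], cn="foo.domain.com")
    for host, cert in [("0.0.0.0", cn_only), ("foo.domain.com", cn_only),
                       ("localhost", with_san), ("10.0.0.5", with_san)]:
        print(host, "->", check_identity(host, **cert))
```

The first case reproduces the message in the reported exception: the target is an IP address and the certificate carries no SAN extension, so the subject CN is never consulted.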