No subject alternative names – Cannot authenticate on OpenDJ 2.6.4 Control Panel

This topic contains 4 replies, has 2 voices, and was last updated by  shawnmandel 2 months, 2 weeks ago.

  • #25400
     shawnmandel 
    Participant

    Just performed a fresh install of OpenDJ 2.6.4 on Windows 2016. I’m unable to log in/authenticate to the Control Panel due to the following error:

    An error occurred connecting to the server. Details:
    javax.naming.CommunicationException: simple bind failed: 0.0.0.0:4444
    [Root exception is javax.net.SSLHandshakeException:
    java.security.cert.CertificateException: No subject alternative names present]

    I’m running a non-production server, so I would like to know how to send the following command lines in Windows command line interface in order to invoke the following properties:

    org.forgerock.opendj.hostNameVerificationDisabled = true
    com.sun.jndi.ldap.object.disableEndpointIdentification = true

    Any help would be much appreciated!
    Shawn

    #25402
     Rob Matthews 
    Participant

    Hi,

    Depending on your Java version, you may be hitting a known issue; see https://bugster.forgerock.org/jira/browse/OPENDJ-5336 or https://backstage.forgerock.com/knowledge/kb/article/a74638591

    Thanks,
    Rob

    #25403
     shawnmandel 
    Participant

    Hey Rob,

    Thanks very much for your response. Yes, this confirms that the extra security features in OpenDJ are causing the issue. My Java version is: 1.8.0_201.

    Now, my main issue is my lack of knowledge of how exactly to set the following properties in the Windows Command Line Interface in order to work around my issue.

    org.forgerock.opendj.hostNameVerificationDisabled = true
    com.sun.jndi.ldap.object.disableEndpointIdentification = true

    It says…

    Setting the new system property

    You can set this system property in OpenDJ as follows:

    Add the new system property to dsreplication.java-args in the java.properties file, for example:
    dsreplication.java-args=… -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
    Apply this change by running the bin/dsjavaproperties command:
    $ ./dsjavaproperties

    also,

    Workaround:

    Set the above system property in the JVM args, e.g.

    (in config/java.properties)

    control-panel.java-args=… -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

    dsreplication.java-args=… -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
    And run bin/dsjavaproperties.

    The above appear to be Unix/Linux type commands. How do I translate them in Windows Command Line Interface?

    Regards,
    Shawn

    #25415
     Rob Matthews 
    Participant

    Hi Shawn,

    You should be able to add the options to the java.properties file on any OS; you then need to either run bin/dsjavaproperties or restart DJ.

    Hope this helps,
    Rob
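
Added example (not from the thread or from ForgeRock): the edit-then-apply steps described above, written for Windows PowerShell. It appends the flag only to the two tool entries named in the quoted KB text, leaving the server's own JVM arguments alone. The install path is a placeholder, and the `bat\dsjavaproperties.bat` launcher location is an assumption about the Windows layout.

```powershell
# Added example; $OpenDJ is a placeholder for your install directory.
param([string]$OpenDJ = 'C:\path\to\opendj')

$flag = '-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true'
# Only the two tools named in the thread get the flag, so hostname
# checking is relaxed for the Control Panel and dsreplication only.
$keys = @('control-panel.java-args', 'dsreplication.java-args')
$file = Join-Path $OpenDJ 'config\java.properties'
# Java .properties files are ISO-8859-1; writing this way adds no BOM.
$enc  = [System.Text.Encoding]::GetEncoding('ISO-8859-1')

# Keep a rollback copy so the change is easy to revert.
Copy-Item -Path $file -Destination "$file.bak" -Force

$seen = @{}
$out  = New-Object System.Collections.Generic.List[string]
foreach ($line in [System.IO.File]::ReadAllLines($file, $enc)) {
    # Match "key=value" lines; commented-out lines (#...) do not match.
    $m = [regex]::Match($line, '^\s*([^#=\s]+)\s*=')
    if ($m.Success -and $keys -contains $m.Groups[1].Value) {
        $seen[$m.Groups[1].Value] = $true
        # Idempotent: append the flag only if it is not already present.
        if (-not $line.Contains($flag)) {
            $line = $line.TrimEnd() + ' ' + $flag
        }
    }
    $out.Add($line)
}

# If a key was missing or commented out, add it with just the flag.
foreach ($k in $keys) {
    if (-not $seen.ContainsKey($k)) { $out.Add("$k=$flag") }
}
[System.IO.File]::WriteAllLines($file, $out, $enc)

# Assumption: the Windows launcher is bat\dsjavaproperties.bat.
& (Join-Path $OpenDJ 'bat\dsjavaproperties.bat')
```

To undo the change, copy `java.properties.bak` back over `java.properties` and run the launcher again.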

    #25416
     shawnmandel 
    Participant

    Hi Rob,

    Yes, indeed you’ve helped me quite a bit.

    Thanks a lot!
    Shawn


©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.