I am trying to use Spring Security to authenticate users against Active Directory. So far I was using LDAP protocol, but now I would like to use LDAPS.
I followed this article http://blogs.oracle.com/gc/entry/unable_to_find_valid_certification and it works. I was able to bind user against AD successfully using LDAPS.
But after a while (15 - 30min), when I try to log in, I get this exception again:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
and then I am no longer able to use LDAPS. I tried to:
- restart tomcat
- add certificate directly to cacerts
- starting tomcat with path to trustStore by using env property -Djavax.net.ssl.trustStore
Only thing that works is to recreate jssecacerts completely. It is not开发者_运维知识库 enough just copy existing jssecacerts to jre/lib/security, it MUST be new file. I just do not understand...
My enviroment is: java 1.6.0_26, tomcat 7.0.20, spring 3.0.5, spring security 3.1RC2
Am I doing something wrong?
Thanks
Ok, so I probably found solution. I did not know that behind one Active Directory URL are many physical machine :) When I used InstallCert it rewrote and generated new keystore with only one current certificate. That was reason why it sometimes worked and sometimes did not. I also found that all certificates are signed by one CA. After adding CA's certificate to trustStore it started finally work.
精彩评论