Adding LDAPS Certificate to the Dashboard v3 Java Trust Store
Product Name: CIS-CAT Pro Dashboard
Product Version: v3.0+
Date: Mar 16, 2023
Problem
When using LDAPS (LDAP over SSL/TLS) authentication with CIS-CAT Pro Dashboard v3, the certificate presented by the LDAPS server, or the CA certificate that issued it, has to be added to the Java trust store of the JRE bundled with the Dashboard. The Dashboard JVM does not consult the Windows certificate store, so a CA that Windows already trusts is still unknown to Java until it is imported.
If this is not done, LDAP user authentication fails and the following error is written to the /logs/ccpdlogs/ciscatpro.log file:
PKIX path building failed [...] unable to find valid certification path to requested target
Solution
1. Export your LDAPS certificate and copy the exported file to your Dashboard server. keytool -import accepts an X.509 certificate in DER or Base-64 encoding (typically a .cer or .crt file); it does not accept a PKCS#12 .pfx bundle, which also carries the private key and should never leave the LDAP server. Importing the issuing CA certificate rather than the server's own certificate means a routine renewal of the server certificate does not break authentication.
2. Navigate to the Dashboard
3. Run the following command (the alias must be unique within the keystore; the import fails if it already exists): keytool -import -trustcacerts -alias ccpdldaps -file C:\my-ldaps-certificate.cer -keystore "C:\Program Files\CCPD\jre\lib\security\cacerts"
4. When prompted, enter the Dashboard keystore password (changeit is the default password of a Java cacerts store unless it has been changed).
5. When asked to trust this certificate, enter "yes". The following message appears after a successful addition: Certificate was added to keystore
6. Restart the CIS-CAT Pro Dashboard application service to apply the new configuration. The JVM reads cacerts only at startup, so the imported certificate is not used until the service restarts.
Note that the trust store lives inside the bundled JRE (CCPD\jre). If a Dashboard upgrade replaces that JRE, the imported entry may be lost and the import has to be repeated.
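The steps above automated in PowerShell on the Dashboard host. This is an added example, not code from CIS or from the Dashboard product: it captures the chain the LDAPS server presents, exports the top-most CA it can resolve as a DER .cer file, imports it into the bundled JRE's cacerts with keytool, verifies the entry and restarts the service. The host name, install path, alias and the service name are assumptions to adjust for your environment.

```powershell
# Added example (not CIS code): automates steps 1-6 of the article on the Dashboard host.
# Run in an elevated PowerShell session. Host, paths, alias and service name are assumptions.
$LdapHost    = 'ldap.mydomain.com'
$LdapPort    = 636
$CcpdJre     = 'C:\Program Files\CCPD\jre'
$Keytool     = Join-Path $CcpdJre 'bin\keytool.exe'
$Cacerts     = Join-Path $CcpdJre 'lib\security\cacerts'
$Alias       = 'ccpdldaps'
$CerFile     = Join-Path $env:TEMP 'ldaps-ca.cer'
$ServiceName = 'CIS-CAT Pro Dashboard'   # assumption: confirm the real name with Get-Service
# Prompt for the cacerts password (Java default: changeit) instead of hard-coding it.
$StorePass   = [System.Net.NetworkCredential]::new('', (Read-Host -AsSecureString 'cacerts password')).Password

# Step 1: open a TLS connection and read the certificate the LDAPS server presents.
# The callback returns $true only so the handshake completes and the chain can be read;
# no trust decision is based on it.
$client    = New-Object System.Net.Sockets.TcpClient($LdapHost, $LdapPort)
$acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { param($s, $c, $ch, $e) $true }
$ssl       = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
try {
    $ssl.AuthenticateAsClient($LdapHost)
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally {
    $ssl.Dispose(); $client.Close()
}

# Prefer the issuing CA over the leaf so a renewal of the server certificate keeps working.
# X509Chain resolves issuers from the Windows store; if the CA is unknown to Windows the
# chain holds only the leaf, and that is what gets imported.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void]$chain.Build($leaf)
$toTrust = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
Write-Host "Importing: $($toTrust.Subject) (SHA-1 thumbprint $($toTrust.Thumbprint))"

# Export as DER-encoded X.509 (.cer), the format keytool -importcert accepts (not .pfx).
[System.IO.File]::WriteAllBytes($CerFile,
    $toTrust.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))

# Steps 3-5: drop a stale entry under the same alias (keytool refuses to overwrite one),
# import without the interactive "Trust this certificate?" prompt, then verify.
# -storepass on the command line is visible in process listings; acceptable on an admin
# host for a one-off, otherwise omit it and let keytool prompt.
& $Keytool -list -keystore $Cacerts -storepass $StorePass -alias $Alias *> $null
if ($LASTEXITCODE -eq 0) {
    & $Keytool -delete -keystore $Cacerts -storepass $StorePass -alias $Alias
}
& $Keytool -importcert -trustcacerts -noprompt -keystore $Cacerts -storepass $StorePass -alias $Alias -file $CerFile
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE" }
& $Keytool -list -keystore $Cacerts -storepass $StorePass -alias $Alias

# Step 6: the JVM reads cacerts at startup, so restart the Dashboard service.
Restart-Service -Name $ServiceName
```

To confirm what the bundled JRE itself sees on the wire, the same JRE's keytool can print the served chain with `keytool -printcert -sslserver ldap.mydomain.com:636`; the subject shown there should match the entry you imported.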
Should you still see the PKIX path building failed error in the ciscatpro.log file after making the above changes, Atlassian offers a method of debugging the SSL connection via a Java utility called SSLPoke that can also be used to diagnose the Dashboard's connectivity to your LDAPS host:
https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-error-779355358.html
Run SSLPoke with the Dashboard's own java.exe, not a system-wide Java, so that the test uses the same cacerts file the Dashboard uses. As an example on Windows (assuming SSLPoke.class has been copied to CCPD\jre\bin and the command is run from that directory, which is on the default classpath):
"C:\Program Files\CCPD\jre\bin\java.exe" -Djavax.net.debug=ssl SSLPoke ldap.mydomain.com 636
The path is quoted because of the space in "Program Files". A working trust store ends with "Successfully connected"; otherwise the SSL debug output shows the chain the server sent and which issuer the JVM could not match, which tells you whether the wrong certificate was imported or a different trust store was updated.
Keywords: LDAPS, Dashboard v3, Certificate