Hello All,
I know this is a lengthy post but I wanted to provide all the information I had thanks in advance for reading through it!
Objective
Authenticate to Active Directory LDAP over port 636 using JAVA code.
Steps already taken:
Install CA on domain controller
Verify DC is listening on 636
Add DC root certificate to windows trusted roots on client computer
Connect to DC over 636 using MS LDP utility from both DC and client - Success
used the following keytool command to create ca.jks and .keystore files:
keytool -import -alias aliasname -keystore keystore.jks -file c:\trustedroot.cer
Also tried the same command with -trustcacerts
Also tried keytool command to import trusted root into the cacerts file in java/.../lib/security
Problem
Using Java code hosted on Weblogic, can connect successfully to LDAP using port 389
When attempting to connect using 636 getting the following error:
javax.naming.CommunicationException: simple bind failed: ourdc:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
The strange thing is that we overcame this same problem by logging in as the domain admin on the bea server in development and requesting a server cert from the DC CA. That seemed to resolve it temporarily but then it broke again after a reboot. During the time that it worked, we verified that the Java code is working fine as we were able to perform the functions we want to perform.
Now that we want to deploy to production and have followed the same steps, we're still getting this error.
We just can't seem to keep SSL working consistently.
Thanks again any leads will be greatly appreciated.
AJZ