DCO certificates store

DCIM_Support · ‎2020-07-03

Hi,

I had an issue with Active Directory authentication in DCO and was not able to view the related certificate (no result after clicking on the button, see screenhost)

From time to time I have to trust again the LDAPs certificate

How to permanently install the Issuing Certificate to validate?

In the server.log log file I get:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

And how to check the installed certificates?

Regards,

Yannick

DCIM_Support · ‎2020-07-03

Hi Jannick,

If I understand correctly this is likely due to the certificate change on the authentication server itself, and then the new certificate (from the AD/LDAP server) must be updated/trusted on DCO (otherwise the AD users won't be able to log in). And concerning the last question, eg, checking the installed certificates, I will see what I can find for you, thanks.

Kind regards

DCIM_Support · ‎2020-07-03

Hi Jef, I confirm, I get this message after certificate changes In fact, the server name I specified is an alias that points to some LDAP servers and from time to time the target server is modified That's why I would like to add the Public Issuing Certificate into the certificate store to trust any children certificates Best Regards, Yannick

DCIM_Support · ‎2020-07-03

Hi Yannick, Many thanks for the additional comments, I had a brief talk with developers and I've been told that the certificates must be handled on the LDAP server(s). Kind regards

DCIM_Support · ‎2020-07-03

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.