The integration doesn't work. Any ideas what this means, or how I can resolve this?
Error follows:
Connection test failed. Response from the server:
hostname.local:636; nested exception is javax.naming.CommunicationException: hostname.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching hostname.local found.]
I took the following steps, but they did not help:
1. Edit the hosts file, adding the DC IP address and hostname
2. Disable Secure SSL by editing the LDAP directory and unchecking that box from Advanced Settings.
3. Add JVM startup parameter -Djdk.tls.trustNameService=true
Hello Dmitry,
Welcome to Atlassian Community! It's nice to have you.
Thank you for confirming which steps you have already tried. There are a few more suggestions from the article java.security.cert.CertificateException: No subject alternative DNS name matching <hostname> found:
- Fix the certificate to contain the correct name.
- Disable "Follow Referrals" in the User Directory configuration, if cross-domain memberships are not used.
- If you are using JDK 1.8.0_51 or later (bundled in Confluence 5.8.8 and later), the JDK no longer performs reverse name lookup for IP addresses by default, as per this java doc. You can re-enable reverse lookup by adding '-Djdk.tls.trustNameService=true' to your system parameters.
If an application does need to perform reverse name lookup for raw IP addresses in SSL/TLS connections, and encounter endpoint identification compatibility issue, System property "jdk.tls.trustNameService" can be used to switch on reverse name lookup. Note that if the name service is not trustworthy, enabling reverse name lookup may be susceptible to MITM attacks.
Let me know if you have any trouble or if this is not successful.
Regards,
Shannon
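A simplified model of the name check behind the error above, as an added example (not part of the original posts and not JDK code): the name in the LDAPS connection URL is compared with the certificate's subject alternative names, not with whatever that name resolves to. The SAN values, addresses and function names are constructed for illustration.

```python
import ipaddress

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_endpoint(connect_name, san_dns, san_ip=(), subject_cn=None):
    """Return (ok, reason) for the name the LDAPS client was configured with."""
    if _is_ip(connect_name):
        # A raw IP address is only satisfied by an iPAddress SAN entry.
        want = ipaddress.ip_address(connect_name)
        if any(ipaddress.ip_address(i) == want for i in san_ip):
            return True, "matched iPAddress SAN"
        return False, "no iPAddress SAN for %s" % connect_name
    if san_dns:
        # Once dNSName SANs exist, the subject CN is no longer consulted.
        for entry in san_dns:
            if _dns_match(entry, connect_name):
                return True, "matched dNSName SAN %s" % entry
        return False, "no dNSName SAN matching %s" % connect_name
    if subject_cn and _dns_match(subject_cn, connect_name):
        return True, "matched subject CN (certificate has no dNSName SAN)"
    return False, "no name matching %s" % connect_name

# Constructed certificate contents (not taken from the thread)
SAN_DNS = ["dc01.corp.example", "*.corp.example"]
SAN_IP = ["192.0.2.10"]

if __name__ == "__main__":
    for name in ["hostname.local", "dc01.corp.example", "DC02.corp.example",
                 "192.0.2.10", "192.0.2.11"]:
        print(name, check_endpoint(name, SAN_DNS, SAN_IP, subject_cn="hostname.local"))
```

To list the real SAN entries of the directory server's certificate, inspect the certificate it presents on port 636 and pass those values in place of the constructed ones.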
Dmitry,
Thank you for confirming that you were able to try the additional steps.
Is that hostname.local the right hostname, or did you mask it for the post? If it is hostname.local, I would recommend that you change that and generate a new certificate.
If that doesn't help, have a look at the following article for additional troubleshooting steps, including adding the system property:
-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
Let me know how that goes!
Regards,
Shannon