
Confluence: I can not add type: Microsoft Active Directory gives an error

Dmitry November 19, 2019

The integration doesn't work. Any ideas what this means, or how I can resolve this?

Error follows:

Connection test failed. Response from the server:
hostname.local:636; nested exception is javax.naming.CommunicationException: hostname.local:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching hostname.local found.]

Taking the following steps did not help:

1. Edit the hosts file to add the DC IP address and hostname

2. Disable Secure SSL by editing the LDAP directory and unchecking that box from Advanced Settings.

3. Add JVM startup parameter -Djdk.tls.trustNameService=true

 

1 answer

0 votes
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 21, 2019

Hello Dmitry,

Welcome to Atlassian Community! It's nice to have you.

Thank you for confirming which steps you have already tried. There are a few more suggestions from the article java.security.cert.CertificateException: No subject alternative DNS name matching <hostname> found:

  1. Fix the certificate to contain the correct name.
  2. Disable "Follow Referrals" in the User Directory configuration, if cross-domain memberships are not used.
  3. If you are using JDK 1.8.0_51 or later (bundled in Confluence 5.8.8 and later), the JDK no longer performs reverse name lookup for IP addresses by default, as per this java doc. You can re-enable reverse lookup by adding '-Djdk.tls.trustNameService=true' to your system parameters.

    If an application does need to perform reverse name lookup for raw IP addresses in SSL/TLS connections, and encounter endpoint identification compatibility issue, System property "jdk.tls.trustNameService" can be used to switch on reverse name lookup. Note that if the name service is not trustworthy, enabling reverse name lookup may be susceptible to MITM attacks.

Let me know if you have any trouble or if this is not successful.

Regards,

Shannon

Dmitry November 25, 2019

Dear Shannon,
Yes, I already tried the solution from the article, but the problem stayed. It is not resolved.

Shannon S
Atlassian Team
December 5, 2019

Dmitry,

Thank you for confirming that you were able to try the additional steps. 

Is that hostname.local the right hostname, or did you mask it for the post? If it is hostname.local, I would recommend that you change that and generate a new certificate.

If that doesn't help, have a look at the following article for additional troubleshooting steps, including adding the system property:

-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

Let me know how that goes!

Regards,

Shannon
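
Added example, not part of the original thread or of Atlassian's or the JDK's code: a simplified model of the endpoint-identification check behind the "No subject alternative DNS name matching" error, showing that the host name entered in the directory configuration must itself appear in the certificate's SAN list, so a hosts-file entry alone cannot fix it. The function names, the RFC 6125-style wildcard rule and the sample SAN list are assumptions made for illustration.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Compare one dNSName SAN entry with the host, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    # Assumption: a wildcard counts only as the whole leftmost label
    # and never directly under a top-level name such as "*.example".
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def check_endpoint(configured_host, san_entries):
    """Return (ok, reason). san_entries holds (type, value) pairs, type
    being "DNS" or "IP", as listed in the certificate's SAN extension."""
    if _is_ip(configured_host):
        # An IP literal is compared with IP SAN entries only, never DNS ones.
        target = ipaddress.ip_address(configured_host)
        for kind, value in san_entries:
            if kind == "IP" and ipaddress.ip_address(value) == target:
                return True, "IP SAN %s matches" % value
        return False, "no IP SAN matches %s" % configured_host
    for kind, value in san_entries:
        if kind == "DNS" and _dns_match(value, configured_host):
            return True, "DNS SAN %s matches" % value
    return False, "no DNS SAN matches %s" % configured_host

# Constructed sample: SAN list of a hypothetical domain controller certificate.
SAMPLE_SANS = [("DNS", "dc01.corp.example"), ("DNS", "*.ad.corp.example")]

if __name__ == "__main__":
    for host in ("hostname.local", "dc01.corp.example",
                 "ldap.ad.corp.example", "10.0.0.5"):
        print(host, check_endpoint(host, SAMPLE_SANS))
```
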
