
Confluence and AD connection via SSL

Alexey Eronko September 27, 2012

Hello,

I can't set up a connection between Confluence 4.3 and my Active Directory server.

I managed to set it up without SSL, but with SSL it doesn't work. I have a keystore with the following certificates:

1. Certificate of my Active Directory server.

2. Certificate of my CA which signs certificate #1.

Here is a simple manual, but it doesn't work for me.

https://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory

I get the following exception :

Root exception is javax.naming.CommunicationException: office.company.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching office.company.com found.]]

My server certificate CN is: server.office.company.com and I use this name in the Confluence configuration.

What might be the problem?

Regards,

Alexey

1 answer

1 accepted

0 votes
Answer accepted
JohnA
September 30, 2012

Hi Alexey,

I believe the problem here is that the embedded Crowd in your Confluence verifies the hostname on SSL certificates whilst communicating with LDAP servers over SSL, as documented in this ticket: https://jira.atlassian.com/browse/CWD-2690

What this means is that the hostname must match that on the SSL certificate or Confluence will not connect to the directory. This is by design, so you will need to work around this in one of the following ways:

  1. Fix the certificate to contain the correct name. This is the preferred (and most secure) fix.
  2. Using an 'ldaps' connection URL and leaving 'Secure SSL' (on Crowd) or 'Use SSL' (in Embedded Crowd) unchecked in the Crowd Console will use an SSL connection but will not verify that the hostname and certificate match.
  3. Edit /etc/hosts to allow you to use the incorrect name in the certificate. Add the FQDN on the certificate and match it to the IP address of the server.

Hopefully one of the above options will resolve your issue for you.

All the best,
John

Alexey Eronko October 8, 2012

Thanks a lot for your help.

We opened bug report https://jira.atlassian.com/browse/CONF-26826

Also, I added a comment to the workaround ticket: https://jira.atlassian.com/browse/CONF-26049
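
Added example (not from the thread and not Atlassian's code): a simplified Python model of the Java hostname check that produced the exception in the question. It shows that once a certificate carries DNS subjectAltName entries the CN is not consulted, and that the name compared is the one the client connected to. The SAN values and the `dc01` host are constructed, and wildcard handling is reduced to a whole left-most label.

```python
# Added example: simplified model of the hostname check behind the exception above.
# Certificate contents are constructed; the page does not show the real certificate.

def dns_name_matches(expected, pattern):
    """Case-insensitive compare; '*' is honoured only as the whole left-most label."""
    exp = expected.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(exp) != len(pat):
        return False
    if pat[0] == "*":
        return exp[1:] == pat[1:]
    return exp == pat

def check_server_identity(expected, san_dns, subject_cn):
    """Return (ok, message) for the host name the client connected to."""
    if san_dns:  # any dNSName entry present: the CN is never consulted
        if any(dns_name_matches(expected, name) for name in san_dns):
            return True, "matched subjectAltName dNSName"
        return False, f"No subject alternative DNS name matching {expected} found."
    if subject_cn and dns_name_matches(expected, subject_cn):
        return True, "matched subject CN"
    return False, f"No name matching {expected} found"

# Constructed certificates (hypothetical SAN values), using the CN from the question.
CN = "server.office.company.com"
CERT_WITH_SAN = {"san_dns": ["server.office.company.com"], "subject_cn": CN}
CERT_OTHER_SAN = {"san_dns": ["dc01.office.company.com"], "subject_cn": CN}
CERT_CN_ONLY = {"san_dns": [], "subject_cn": CN}

def run_cases():
    """Check each constructed certificate against the names a client might use."""
    cases = [
        ("office.company.com", CERT_WITH_SAN),          # name in the exception
        ("server.office.company.com", CERT_WITH_SAN),   # name in the CN
        ("server.office.company.com", CERT_OTHER_SAN),  # CN matches, SAN does not
        ("office.company.com", CERT_CN_ONLY),           # no SAN: CN fallback
    ]
    return [check_server_identity(host, **cert) for host, cert in cases]

if __name__ == "__main__":
    for ok, message in run_cases():
        print("OK  " if ok else "FAIL", message)
```

The names actually present on the server's certificate can be listed with `keytool -printcert -sslserver server.office.company.com:636` and compared with the host name in the directory configuration.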
