Connection to the Microsoft AD with SSL

Libor Šmíd September 30, 2019

Hello,

 

I would like to ask for help with connection to the Microsoft AD with SSL. I got our LDAP server and account details, but I am not able to connect to this server. I always got this message:

"Connection test failed. Response from the server:
neopost.ad:636; nested exception is javax.naming.CommunicationException: neopost.ad:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching neopost.ad found]"

I think the problem is with a certificate, but I do not know how to fix it. I went through this article (I got the certificate with information about the LDAP server). Confluence runs on a server with Ubuntu, so I used this command: "sudo keytool -importcert -alias ldapCert -file JIRAorLDAPServer.crt -keystore $JAVA_HOME/jre/lib/security/cacerts"

If I use this command for verification: "sudo keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts" I see that the certificate is here.

I also got only the IP address of our LDAP server, so I added a new record to the host file and this IP address is now known as neopost.ad.

So, I think that everything is set correctly, but the error is still here.

Can anyone help me please?

Thank you in advance.

1 answer

0 votes
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 1, 2019

Hi Libor,

Thank you for contacting us about this. Can you try to run through the article Unable to connect to SSL services due to PKIX path building failed error? This has solved similar errors for other users in the past, just make sure to copy the certificates properly according to this article.

Let us know how it goes.

Regards,

Shannon

Libor Šmíd October 2, 2019

Hi Shannon,

thank you for the information. I went through the article and the connection was successful when I used SSLPoke.class, but the connection to the LDAP still does not work. So, I tried to go through the step by step advice in the Resolution section.

First step was successfully done and after using the command "keytool -list -keystore <path>" I see the certificate in here. - Nothing

Second step. Java was downgraded. There was version 11 of Java, so I installed version 8 (1.8), because this version is listed as the supported version. I set this new path in the "setjre.sh" file and restarted Confluence. - Nothing

Third step. Default truststore is set. - Nothing

Fourth step. We do not have an Anti Virus tool (Linux is without GUI).

Fifth step. It is not mail server, but LDAP server.

Sixth step. This step can be done, because this server is in our private infrastructure and it is invisible from the internet.

Seventh step. Same as second step.

But I found that if I run the command echo $JAVA_HOME, the result is empty. So, there may be a problem with the path to the Java home. What do you think?

If yes, would you mind helping me with the settings? I have tried almost everything and now I have no idea what to do next.

Thank you again.

Shannon S
Atlassian Team
October 9, 2019

Hello Libor,

Thank you for those details.

Can you tell me, did you install Confluence from an archive (tar.gz) or from the Installer? The installer has a prerequisite to set JAVA_HOME:

Before you install Confluence, check that you're running a supported Java version and that the JAVA_HOME environment variable is set correctly.

Confluence can only run with Oracle JDK or JRE.

To check your Java version:

$ java -version

To check your JAVA_HOME variable is set correctly:

$ echo $JAVA_HOME

If you see a path to your Java installation directory, the JAVA_HOME environment variable has been set correctly. If a path is not returned you'll need to set your JAVA_HOME environment variable manually before installing Confluence.

Have you created a dedicated user to run Confluence?

You mentioned that earlier you were able to run the command:

"sudo keytool -importcert -alias ldapCert -file JIRAorLDAPServer.crt -keystore $JAVA_HOME/jre/lib/security/cacerts"

However, this would have returned an error if JAVA_HOME is empty, as you mentioned when echoing $JAVA_HOME. If that's the case, you likely have multiple JVMs installed, and you might be adding the certificate to the wrong one.

I hope this helps, but let me know if you have any questions.

Regards,

Shannon

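
One way to check the point raised in the reply above, that the certificate may have gone into a different JVM's truststore. This is an added example, not part of the original thread or Atlassian's documentation; the function names are hypothetical, `ldapCert` is the alias used in the thread, and `changeit` is the default `cacerts` password.

```shell
# Added example (not from the thread). Function names are hypothetical.

# Print the cacerts file of a Java home. Handles the JDK 8 layout
# (jre/lib/security) and the JRE 8 / Java 9+ layout (lib/security).
cacerts_for_home() {
    if [ -z "$1" ]; then
        # With JAVA_HOME unset, "$JAVA_HOME/jre/lib/security/cacerts"
        # expands to "/jre/lib/security/cacerts".
        echo "Java home is empty" >&2
        return 1
    fi
    for candidate in "$1/jre/lib/security/cacerts" "$1/lib/security/cacerts"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no cacerts found under $1" >&2
    return 1
}

# Derive the Java home from a java binary, following symlinks
# (on Ubuntu, /usr/bin/java is normally an update-alternatives symlink).
home_of_java_binary() {
    real="$(readlink -f "$1")" || return 1
    real="${real%/bin/java}"        # drop the trailing /bin/java
    printf '%s\n' "${real%/jre}"    # JDK 8 ships java under jre/bin as well
}

# Exit status 0 if the alias exists in that Java home's truststore.
# "changeit" is the default cacerts password; pass another as $3 if changed.
alias_in_truststore() {
    store="$(cacerts_for_home "$1")" || return 2
    keytool -list -keystore "$store" -storepass "${3:-changeit}" \
        -alias "$2" >/dev/null 2>&1
}

# Usage (run on the Confluence host):
#   home="$(home_of_java_binary "$(command -v java)")"
#   alias_in_truststore "$home" ldapCert && echo "ldapCert present in $home"
```

To check the JVM a running process uses rather than the one on `PATH`, pass `/proc/<pid>/exe` of that process to `home_of_java_binary`.
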
Libor Šmíd October 14, 2019

Hi Shannon,

thank you very much for your cooperation. Now the connection to the LDAP is set and works. But I am not sure where the problem was, because I did many steps and I went through many articles with instructions.

I also set up the $JAVA_HOME path and also set the supported Java version as the default. And I also imported the root certificate that I received from my company.

But I am glad, that the problem is resolved.

Thank you again.

Libor

Shannon S
Atlassian Team
October 14, 2019

Libor,

Thank you for letting me know; I'm glad you were able to solve your issue.

Take care, and have a pleasant week!

Regards,

Shannon
