I am trying to connect a webapp, running in Tomcat 7.0.34 on a Mac, OS/X 10.10 (Yosemite), to a secure AD server. I get this error:
org.springframework.ldap.CommunicationException: qlty-test-ad:636; nested exception is javax.naming.CommunicationException: qlty-test-ad:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:100)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:792)
at org.springframework.ldap.core.LdapTemplate.lookup(LdapTemplate.java:822)
at org.springframework.ldap.core.LdapTemplate.lookupContext(LdapTemplate.java:1315)
at com.enonic.cms.ee.ldap.LdapConnector.lookup(LdapConnector.java:261)
at com.enonic.cms.ee.ldap.LdapRemoteUserStorePlugin.verifyConnection(LdapRemoteUserStorePlugin.java:489)
... 87 more
So, I am missing a server certificate. I downloaded it with InstallCert and got the jssecacerts file, and as far as I can understand, I just need to place it in a folder where my JVM can find it and use it. First I tried, directly in the jdk:
/Library/Java/JavaVirtualMachines/jdk1.7.0_71.jdk/Contents/Home/lib/
Descriptions suggest there should be a "security" folder inside "lib", but there isn't. I tried to create one, then put the jssecacerts file here, but it did not help.
Then, I found a reference to this folder:
/System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/
It allready contained the "cacerts" file, so I thought I was on to something, but placing "jssecacerts" here does not help either. There is also
/Library/Java/Home/lib/security
which contains symbolic links to both files ("cacerts" and "jssecacerts").
Does anybody know where I should put jssecacerts?
You can find a relevant article on StackOverflow here: How to obtain the location of cacerts of the default java installation?
On Java 1.8 it should be placed under this folder:
/Library/Java/JavaVirtualMachines/jdk1.8.0_xx.jdk/Contents/Home/jre/lib/security
I did not find any security directory under the JDK, but I suppose it's using the same one as the JRE.
To find the Java on Mac:
/usr/libexec/java_home -v 1.8