Home/ Questions/Q 6386267
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T03:00:12+00:00

I am trying to use Spring Security to authenticate users against Active Directory. So

  • 0

I am trying to use Spring Security to authenticate users against Active Directory. So far I was using LDAP protocol, but now I would like to use LDAPS.

I followed this article http://blogs.oracle.com/gc/entry/unable_to_find_valid_certification and it works. I was able to bind user against AD successfully using LDAPS.

But after a while (15 – 30min), when I try to log in, I get this exception again:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)

and then I am no longer able to use LDAPS.
I tried to:

  • restart tomcat
  • add certificate directly to cacerts
  • starting tomcat with path to trustStore by using env property -Djavax.net.ssl.trustStore

Only thing that works is to recreate jssecacerts completely. It is not enough just copy existing jssecacerts to jre/lib/security, it MUST be new file. I just do not understand…

My enviroment is: java 1.6.0_26, tomcat 7.0.20, spring 3.0.5, spring security 3.1RC2

Am I doing something wrong?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Ok, so I probably found solution. I did not know that behind one Active Directory URL are many physical machine 🙂 When I used InstallCert it rewrote and generated new keystore with only one current certificate. That was reason why it sometimes worked and sometimes did not. I also found that all certificates are signed by one CA. After adding CA’s certificate to trustStore it started finally work.

    • 0