[midPoint] Fwd: AD configuration with LDAP Connector, ssl issue

dilek.gider at basistek.com dilek.gider at basistek.com
Tue Apr 25 07:03:02 CEST 2017


Thank you for your reply, i created keystore manually with wiki evolveum Keysotore Configuration document. I dont know how if midpoint creates keystore by itself, automatically.
------ Original message------From: Jason EverlingDate: Mon, Apr 24, 2017 18:41To: midPoint General Discussion;Cc: Subject:Re: [midPoint] Fwd: AD configuration with LDAP Connector, ssl issue
>From what I can see, it is showing 'unsupported ciphersuite' along with other ssl/tls startup errors. Did you let midpoint create the keystore when it first started up or did you manually create it? The midpoint team should be able to help further but I have never encountered that error before with midpoint. Only ssl chain errors which is easily fixed and I dont see that in your logs.

JASON
On Mon, Apr 24, 2017 at 7:26 AM, Dilek Gider <dilek.gider at basistek.com> wrote:
Hi Again,
Is there anybody to help me please.. Details are below.
---------- Forwarded message ----------
From: Dilek Gider <dilek.gider at basistek.com>
Date: Thu, Apr 20, 2017 at 4:20 PM
Subject: AD configuration with LDAP Connector, ssl issue
To: midPoint General Discussion <midpoint at lists.evolveum.com>


Hi ,
I have resource to AD from midpoint, with LDAP Connector. You can find resource.xml as attchment. I couldn't connect this resource with LDAP via SSL. I followed 
https://wiki.evolveum.com/display/midPoint/Keystore+Configuration 
link, added Tomcat java options but it doens't work. Also I added logs about this resource, error logs. 
I wrote java jar to connect AD via ssl and execute it from the same location with my java connector, it succeeded. But  in midpoint it could not communicate with AD via SSL. Without SSL, it is communicating with AD from LDAPConnector.
I have java 8_101, tomcat 8.5.I have certificate as "cer" file, I imported to both java cacerts and midpoint keystore. and it is listed with my alias: Keystore type: JCEKSKeystore provider: SunJCE
Your keystore contains 3 entries
nlight, Mar 21, 2017, trustedCertEntry,Certificate fingerprint (SHA1): XXXXXXXXXdefault, Nov 30, 2016, SecretKeyEntry,tirsantest.local, Apr 19, 2017, trustedCertEntry,Certificate fingerprint (SHA1): XXXXXXXXXXXX
Could you help me? I am working on this problem for two weeks. 

_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170425/b9869032/attachment.htm>


More information about the midPoint mailing list