[midPoint] Fwd: AD configuration with LDAP Connector, ssl issue

Brad Fardig brad.fardig at cogitogroup.com.au
Tue Apr 25 07:38:29 CEST 2017


Hi,



Just checking, did you add the domain controller's certificate to the
keystore?



https://wiki.evolveum.com/pages/viewpage.action?pageId=15859743



Regards,



Brad







From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of 
dilek.gider at basistek.com
Sent: Tuesday, 25 April 2017 3:03 PM
To: Jason Everling <jeverling at bshp.edu>; midPoint General Discussion 
<midpoint at lists.evolveum.com>
Subject: Re: [midPoint] Fwd: AD configuration with LDAP Connector, ssl issue



Thank you for your reply. I created the keystore manually with the Evolveum
wiki Keystore Configuration document. I don't know if midPoint creates the
keystore by itself, automatically.



------ Original message------

From: Jason Everling

Date: Mon, Apr 24, 2017 18:41

To: midPoint General Discussion;

Cc:

Subject: Re: [midPoint] Fwd: AD configuration with LDAP Connector, ssl issue



From what I can see, it is showing 'unsupported ciphersuite' along with other
SSL/TLS startup errors. Did you let midPoint create the keystore when it first
started up or did you manually create it? The midPoint team should be able to
help further, but I have never encountered that error before with midPoint.
Only SSL chain errors, which are easily fixed, and I don't see that in your logs.






JASON



On Mon, Apr 24, 2017 at 7:26 AM, Dilek Gider <dilek.gider at basistek.com>
wrote:

Hi Again,



Is there anybody who can help me, please? Details are below.



---------- Forwarded message ----------
From: Dilek Gider <dilek.gider at basistek.com>
Date: Thu, Apr 20, 2017 at 4:20 PM
Subject: AD configuration with LDAP Connector, ssl issue
To: midPoint General Discussion <midpoint at lists.evolveum.com>



Hi ,



I have a resource to AD from midPoint, with the LDAP Connector. You can find
resource.xml as an attachment. I couldn't connect this resource with LDAP via
SSL. I followed the

https://wiki.evolveum.com/display/midPoint/Keystore+Configuration

link and added the Tomcat Java options, but it doesn't work. I also added the
error logs for this resource.



I wrote a Java jar to connect to AD via SSL and executed it from the same
location as my Java connector; it succeeded. But in midPoint it could not
communicate with AD via SSL. Without SSL, it is communicating with AD from
LDAPConnector.



I have Java 8_101, Tomcat 8.5.

I have the certificate as a "cer" file. I imported it into both the Java
cacerts and the midPoint keystore, and it is listed with my alias:

Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 3 entries

nlight, Mar 21, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): XXXXXXXXX
default, Nov 30, 2016, SecretKeyEntry,
tirsantest.local, Apr 19, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): XXXXXXXXXXXX



Could you help me? I have been working on this problem for two weeks.



