[midPoint] Fwd: AD configuration with LDAP Connector, ssl issue

Jason Everling jeverling at bshp.edu
Tue Apr 25 16:19:18 CEST 2017


Is this an actual domain controller? Are you sure that isn't just the
domain?
<gen493:host>tirsantest.local</gen493:host>

It should contain an actual DC host like
<gen493:host>dc1.tirsantest.local</gen493:host>



JASON

On Tue, Apr 25, 2017 at 2:14 AM, Dilek Gider <dilek.gider at basistek.com>
wrote:

> Hi Brad,
>
> I didn't get the certificate myself; our customer gave me a .cer file that
> contains the certificate, as the AD belongs to the customer.
> But with that certificate, I can connect to the AD on port 636 with Java code.
>
> I imported that certificate into the midPoint keystore, and also the Java SDK
> keystore.
> I added Java options to Tomcat to trust the midPoint keystore
> (-Djavax.net.ssl.trustStore=.....)
>
> On Tue, Apr 25, 2017 at 8:38 AM, Brad Fardig <brad.fardig at cogitogroup.com.au>
> wrote:
>
>> Hi,
>>
>> Just checking, did you add the domain controller's certificate to the key
>> store?
>>
>> https://wiki.evolveum.com/pages/viewpage.action?pageId=15859743
>>
>> Regards,
>>
>> Brad
>>
>>
>> From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf
>> Of dilek.gider at basistek.com
>> Sent: Tuesday, 25 April 2017 3:03 PM
>> To: Jason Everling <jeverling at bshp.edu>; midPoint General Discussion
>> <midpoint at lists.evolveum.com>
>> Subject: Re: [midPoint] Fwd: AD configuration with LDAP Connector, ssl
>> issue
>>
>> Thank you for your reply. I created the keystore manually following the
>> Evolveum wiki Keystore Configuration document. I don't know whether midPoint
>> creates the keystore by itself, automatically.
>>
>>
>>
>> ------ Original message------
>> From: Jason Everling
>> Date: Mon, Apr 24, 2017 18:41
>> To: midPoint General Discussion;
>> Cc:
>> Subject: Re: [midPoint] Fwd: AD configuration with LDAP Connector, ssl
>> issue
>>
>>
>>
>> From what I can see, it is showing 'unsupported ciphersuite' along with
>> other SSL/TLS startup errors. Did you let midPoint create the keystore when
>> it first started up, or did you create it manually? The midPoint team should
>> be able to help further, but I have never encountered that error before with
>> midPoint. Only SSL chain errors, which are easily fixed, and I don't see that
>> in your logs.
>>
>> JASON
>>
>>
>>
>> On Mon, Apr 24, 2017 at 7:26 AM, Dilek Gider <dilek.gider at basistek.com>
>> wrote:
>>
>> Hi Again,
>>
>> Is there anybody who can help me, please? Details are below.
>>
>> ---------- Forwarded message ----------
>> From: Dilek Gider <dilek.gider at basistek.com>
>> Date: Thu, Apr 20, 2017 at 4:20 PM
>> Subject: AD configuration with LDAP Connector, ssl issue
>> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>>
>> Hi,
>>
>> I have a resource to AD from midPoint, with the LDAP Connector. You can find
>> resource.xml as an attachment. I couldn't connect this resource to LDAP via
>> SSL. I followed the
>>
>> https://wiki.evolveum.com/display/midPoint/Keystore+Configuration
>>
>> link and added the Tomcat Java options, but it doesn't work. I also attached
>> logs about this resource, the error logs.
>>
>> I wrote a Java jar to connect to AD via SSL and executed it from the same
>> location as my Java connector; it succeeded. But in midPoint it could not
>> communicate with AD via SSL. Without SSL, it communicates with AD from the
>> LDAP Connector.
>>
>>
>>
>> I have Java 8_101, Tomcat 8.5.
>>
>> I have the certificate as a "cer" file; I imported it into both the Java
>> cacerts and the midPoint keystore, and it is listed with my alias:
>>
>> Keystore type: JCEKS
>> Keystore provider: SunJCE
>>
>> Your keystore contains 3 entries
>>
>> nlight, Mar 21, 2017, trustedCertEntry,
>> Certificate fingerprint (SHA1): XXXXXXXXX
>> default, Nov 30, 2016, SecretKeyEntry,
>> tirsantest.local, Apr 19, 2017, trustedCertEntry,
>> Certificate fingerprint (SHA1): XXXXXXXXXXXX
>>
>> Could you help me? I have been working on this problem for two weeks.
>>
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
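As an added example (not code from this thread, from midPoint or from the LDAP connector), a small Java probe that checks the two things Brad and Jason raise: it connects to the configured host over TLS using the same trust store Tomcat is given via -Djavax.net.ssl.trustStore, enforces LDAPS hostname verification, and prints the negotiated protocol, cipher suite and server certificate chain. The DC host dc1.tirsantest.local, the keystore path and the password are placeholders assumed for this thread.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/**
 * Connect to a domain controller on 636 with the JVM's configured trust store
 * and report what the handshake negotiated. Run with the same settings Tomcat
 * gets (placeholder path and password):
 *   java -Djavax.net.ssl.trustStore=/path/to/keystore.jceks \
 *        -Djavax.net.ssl.trustStoreType=JCEKS \
 *        -Djavax.net.ssl.trustStorePassword=changeit \
 *        LdapsProbe dc1.tirsantest.local 636
 */
public class LdapsProbe {
    public static void main(String[] args) throws Exception {
        // Use a real DC host name here, not the bare domain name.
        String host = args.length > 0 ? args[0] : "dc1.tirsantest.local";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        // SSLContext.getDefault() honours the -Djavax.net.ssl.trustStore* properties.
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            // Enforce LDAPS hostname verification: the certificate's SAN/CN must
            // match the name we connected to. A DC certificate is issued for the
            // DC's FQDN, so configuring only the domain name usually fails here.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("LDAPS");
            socket.setSSLParameters(params);
            socket.startHandshake();

            System.out.println("Protocol:     " + socket.getSession().getProtocol());
            System.out.println("Cipher suite: " + socket.getSession().getCipherSuite());
            for (Certificate c : socket.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("Subject: " + x.getSubjectX500Principal());
                System.out.println("Issuer:  " + x.getIssuerX500Principal());
                System.out.println("SANs:    " + x.getSubjectAlternativeNames());
            }
        } catch (SSLHandshakeException e) {
            // Failure modes from the thread: issuer not in the trust store ("unable to
            // find valid certification path"), hostname mismatch, or no shared cipher suite.
            System.err.println("Handshake failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Adding -Djavax.net.debug=ssl:handshake to the command shows the full handshake, including which cipher suites the JVM offered, which is what an 'unsupported ciphersuite' error needs to be compared against.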