How can I choose a specific certificate when using SSL for an LDAP/Active Directory connection?


I have a web service (written in Java) which connects to our Active Directory, and I'm trying to make it use the SSL protocol for this connection, so I've downloaded the certificate from the URL, imported it into my truststore and specified in my code to use the SSL security protocol like this:

env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put(Context.PROVIDER_URL, "ldap://MyHost:636");

My problem is that the connection doesn't work all the time and I get this error: javax.naming.CommunicationException: simple bind failed: MyHost:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

My idea is that there is more than one certificate on this host and when I try to connect it doesn't always use the right certificate (the one I have in my truststore). So is there a way to specify in Java which certificate to use, by a name or alias or something else?

Thanks for your time and help

There is 1 answer below


First: Are you sure you added the right certificate to your truststore AND that you are using the right truststore? You can specify the truststore:

System.setProperty("javax.net.ssl.trustStore","clientTrustStore.key");

Second: Does your AD cert have any intermediate Certificate Authorities?

Third: See the link Obtain the CA Certificate from AD. It shows a couple of methods for getting the cert from AD.

-jim
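As an added example (not part of the question or of Jim's answer), a small Java diagnostic that works through the answer's first two points. It records the certificate chain the domain controller actually presents during the TLS handshake, lists what the configured truststore contains, and then runs the same PKIX path validation that JNDI performs, but offline, so the CertificateException points at the missing issuer instead of surfacing only as "simple bind failed". The host name, the truststore file name (taken from the answer), the password and the bind credentials are placeholders to replace with your own.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class LdapsTrustCheck {
    // Hypothetical values: replace with your own host, truststore path and password.
    static final String HOST = "MyHost";
    static final int PORT = 636;
    static final String TRUSTSTORE = "clientTrustStore.key";
    static final char[] TRUSTSTORE_PW = "changeit".toCharArray();

    // 1. Observe the chain the server really sends. The recording trust manager accepts
    //    everything, so it is for diagnosis only and must never be used for the real bind.
    static X509Certificate[] fetchServerChain() throws Exception {
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) { }
            public void checkServerTrusted(X509Certificate[] chain, String authType) { seen[0] = chain; }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(HOST, PORT)) {
            sock.startHandshake();
        }
        return seen[0];
    }

    // 2. Load the truststore the web service is supposed to use (answer's first point).
    static KeyStore loadTrustStore() throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(TRUSTSTORE)) {
            ks.load(in, TRUSTSTORE_PW);
        }
        return ks;
    }

    // 3. The same PKIX path building JNDI runs during the handshake, done offline.
    //    A missing root or intermediate (answer's second point) fails here with the
    //    familiar "PKIX path building failed" message.
    static void validateAgainstTrustStore(X509Certificate[] chain, KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ks);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        tm.checkServerTrusted(chain, "RSA");
    }

    // 4. The actual LDAPS bind, with the truststore selected through the standard properties.
    static void bind() throws Exception {
        System.setProperty("javax.net.ssl.trustStore", TRUSTSTORE);
        System.setProperty("javax.net.ssl.trustStorePassword", new String(TRUSTSTORE_PW));
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + HOST + ":" + PORT);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "user@example.test"); // hypothetical account
        env.put(Context.SECURITY_CREDENTIALS, "secret");          // hypothetical password
        DirContext dc = new InitialDirContext(env);
        dc.close();
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] chain = fetchServerChain();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        for (X509Certificate c : chain) {
            System.out.println("  subject=" + c.getSubjectX500Principal()
                             + "  issuer=" + c.getIssuerX500Principal());
        }
        KeyStore ks = loadTrustStore();
        System.out.println("Truststore " + TRUSTSTORE + " contains:");
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            X509Certificate t = (X509Certificate) ks.getCertificate(alias);
            System.out.println("  " + alias + " -> " + (t == null ? "(no certificate)" : t.getSubjectX500Principal()));
        }
        try {
            validateAgainstTrustStore(chain, ks);
            System.out.println("Chain validates against the truststore; binding.");
            bind();
        } catch (CertificateException ex) {
            System.out.println("Validation failed: " + ex.getMessage());
            System.out.println("Import the issuer of the last certificate listed above, and its root, into the truststore.");
        }
    }
}
```

Two things worth keeping in mind when reading the output. A TLS client cannot pick the server's certificate by name or alias; the domain controller decides what it presents, and what you control is which issuers your truststore accepts, so the fix is to trust the complete issuing chain (root plus any intermediate) rather than the leaf alone. If the server sends only its leaf certificate and the truststore holds just the root, path building still fails until the intermediate is imported too. The same information is available without code: `openssl s_client -connect MyHost:636 -showcerts` dumps the presented chain, `keytool -list -v -keystore clientTrustStore.key` lists the truststore, and starting the JVM with `-Djavax.net.debug=ssl:handshake` logs the chain and the trust decision during the real bind.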