By: Lars Van Casteren user 10 Dec 2018 at 2:38 p.m. CST

2 Responses
Hello, I successfully configured an Active Directory authentication backend using port 389, cache refresh runs and I can log in with an AD user, but when changing the backend to SSL 636 I get this error when cache refresh runs:

```
2018-12-10 21:26:03,176 ERROR [ForkJoinPool.commonPool-worker-0] [org.gluu.oxtrust.ldap.service.StatusCheckerTimer] ( - Can not download ssl certificate No subject alternative names present
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.setCertificateExpiryAttributes( [classes/:?]
at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.processInt( [classes/:?]
at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.process( [classes/:?]
at org.gluu.oxtrust.ldap.service.StatusCheckerTimer$Proxy$_$$_WeldSubclass.process$$super(Unknown Source) [classes/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181]
at sun.reflect.NativeMethodAccessorImpl.invoke( ~[?:1.8.0_181]
at sun.reflect.DelegatingMethodAccessorImpl.invoke( ~[?:1.8.0_181]
at java.lang.reflect.Method.invoke( ~[?:1.8.0_181]
at org.jboss.weld.interceptor.proxy.TerminalAroundInvokeInvocationContext.proceedInternal( [weld-core-impl-3.0.5.Final.jar:3.0.5.Final]
at org.jboss.weld.interceptor.proxy.AroundInvokeInvocationContext.proceed( [weld-core-impl-3.0.5.Final.jar:3.0.5.Final]
at org.xdi.service.cdi.async.AsynchronousInterceptor$1.get( [oxcore-service-3.1.4.Final.jar:?]
at java.util.concurrent.CompletableFuture$ [?:1.8.0_181]
at java.util.concurrent.CompletableFuture$AsyncSupply.exec( [?:1.8.0_181]
at java.util.concurrent.ForkJoinTask.doExec( [?:1.8.0_181]
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask( [?:1.8.0_181]
at java.util.concurrent.ForkJoinPool.runWorker( [?:1.8.0_181]
at [?:1.8.0_181]
Caused by: No subject alternative names present
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
at ~[?:1.8.0_181]
... 27 more
```

I tried adding the downloaded AD SSL cert to cacerts, but that didn't seem to help. Where should I start looking? Thanks for any hints! L

By Lars Van Casteren user 11 Dec 2018 at 6:16 a.m. CST

I've updated the Active Directory LDAP cert to include all possible SANs, but I still get the same error when running cache refresh. Downloading the cert via openssl shows it has multiple SANs, starting with: DNS Name= Authentication with that LDAP, however, works. Thanks for any help! L
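The two posts above hit the same wall: the certificate is trusted (authentication works, and it was even added to cacerts), yet the status checker still fails with "No subject alternative names present". That message comes from the hostname check a Java TLS client runs after the chain has been validated, so trust-store changes cannot affect it. The added example below (written for this page; it is not code from Gluu/oxTrust or from the JDK) models that check in Python, following RFC 6125 and the JDK's HostnameChecker behaviour as I understand it: when the configured host is an IP literal, only IP-type SANs are consulted and a certificate without any subjectAltName extension is rejected with exactly that message; when the host is a DNS name, DNS-type SANs are consulted and the CN is only a fallback if the certificate carries no DNS SANs. The certificate names and hostnames in the `__main__` section are constructed for the example, not taken from the thread.

```python
"""Model of the server-name check a Java TLS client performs after the
certificate chain has been trusted.  Added example, not Gluu or JDK code.

Rules implemented (RFC 6125 / JDK HostnameChecker as I read it):
  * target is an IP literal  -> only IP-type SANs count; no SAN extension at
    all raises "No subject alternative names present"
  * target is a DNS name     -> DNS-type SANs count; CN is consulted only
    when the certificate has no DNS-type SANs at all
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

NO_SAN = "No subject alternative names present"


class HostnameMismatch(Exception):
    """Raised when no certificate name matches the connection target."""


@dataclass
class CertNames:
    """Names carried by a server certificate.

    san is None when the certificate has no subjectAltName extension at all,
    and a (possibly empty) list of (kind, value) pairs otherwise, e.g.
    ("DNS", "dc01.corp.example") or ("IP", "10.0.0.5").
    """
    cn: Optional[str]
    san: Optional[List[Tuple[str, str]]] = None


def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive DNS match.  A single leading '*' may stand for exactly
    one left-most label; wildcards covering a whole TLD (e.g. '*.com') are
    rejected, a conservative choice made for this example."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels) or p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def _is_ip(target: str) -> bool:
    try:
        ipaddress.ip_address(target.strip("[]"))
        return True
    except ValueError:
        return False


def verify_name(target: str, names: CertNames) -> str:
    """Return which certificate name matched `target`, or raise
    HostnameMismatch with a message in the style of the JDK."""
    if _is_ip(target):
        if names.san is None:
            # The exact condition behind the error in the thread: the host was
            # given as an IP address and the cert has no SAN extension.
            raise HostnameMismatch(NO_SAN)
        want = ipaddress.ip_address(target.strip("[]"))
        for kind, value in names.san:
            if kind != "IP":
                continue        # DNS entries are ignored for IP targets
            try:
                if ipaddress.ip_address(value) == want:
                    return f"IP:{value}"
            except ValueError:
                continue
        raise HostnameMismatch(
            f"No subject alternative names matching IP address {target} found")

    dns_sans = [v for k, v in (names.san or []) if k == "DNS"]
    for pattern in dns_sans:
        if _dns_match(pattern, target):
            return f"DNS:{pattern}"
    if dns_sans:
        # DNS SANs exist but none matched: the CN is not consulted.
        raise HostnameMismatch(
            f"No subject alternative DNS name matching {target} found.")
    if names.cn and _dns_match(names.cn, target):
        return f"CN={names.cn}"
    raise HostnameMismatch(f"No name matching {target} found")


def explain(target: str, names: CertNames) -> str:
    """One-line verdict instead of an exception, for quick checks."""
    try:
        return f"OK: {target} matched {verify_name(target, names)}"
    except HostnameMismatch as e:
        return f"FAIL: {e}"


if __name__ == "__main__":
    # Constructed sample certificates and targets (not from the thread).
    no_san = CertNames(cn="dc01.corp.example")
    dns_only = CertNames(cn="dc01.corp.example",
                         san=[("DNS", "dc01.corp.example"), ("DNS", "corp.example")])
    with_ip = CertNames(cn="dc01.corp.example",
                        san=[("DNS", "dc01.corp.example"), ("IP", "10.0.0.5")])
    cases = [("10.0.0.5", no_san), ("10.0.0.5", dns_only), ("10.0.0.5", with_ip),
             ("dc01.corp.example", no_san), ("dc01.corp.example", dns_only),
             ("ldap.corp.example", dns_only)]
    for target, cert in cases:
        print(f"{target:20} -> {explain(target, cert)}")
```

To compare against a real server, fetch the leaf certificate with `openssl s_client -connect <host>:636 -showcerts </dev/null | openssl x509 -noout -text` and read the "Subject Alternative Name" block: feed those entries plus the exact host string from the backend configuration into `verify_name`. The practical consequence of the rules above is that a backend configured with an IP address needs an `IP Address:` entry in the SAN list; adding DNS names, or importing the certificate into cacerts, does not change the outcome for that case.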

By Lars Van Casteren user 11 Dec 2018 at 6:48 a.m. CST

I've created a GitHub issue with some more information: