Secure LDAP issues from RSA IDR to Domain Controller

Question asked by Zack Koenig on Jul 11, 2018
Latest reply on Jul 24, 2018 by Lyndal Kanagasabai

We have upgraded our CA and now we are having issues using secure LDAP port 636 from the IDRs to the Domain Controller. We have uploaded the new CA certs to the IDR but are receiving errors when connecting to the domain controller. I think this issue might be caused by the IDR not being compatible with the Signature algorithm RSASSA-PSS on the new CA Cert. Can somebody confirm the requirements for CA certs on the RSA IDRs?

Synchronization Status

Synchronization failed on Jul 11, 2018 11:24 AM CDT.

Reason: Possible invalid port, or the LDAP directory server might not be running.

Connection Test

Contacting Directory Server
Errors Occurred
Unable to connect to directory server over SSL. Ensure directory server is configured for SSL connections and proper SSL trusted CA certificates are configured.

Raw IDR Logs:

Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA256withRSAPSS
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 48 more
Caused by: java.security.cert.CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA256withRSAPSS
