CAST Imaging - GUI - Login - Authentication - LDAP Authentication - Login failure due to exception javax.net.ssl.SSLHandshakeException: PKIX path building failed

This page explains how to resolve the login error 'PKIX path building failed' when Imaging is configured to use LDAPS authentication.

Error log:

[Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

For more information, refer to: Configuring authentication using LDAP/LDAPS

 

 

Imaging version    Yes/No
2.x                Yes

 

 

Action Plan

  1. Configure LDAPS authentication for Imaging.

  2. Enable LDAP debug mode by adding the lines below to the application.properties file (path: %APPDATA%\CAST\ImagingSystem\login):

          logging.level.org.castsoftware.aip.console.services.ldap=debug
          logging.level.org.springframework.security.ldap=debug
          logging.level.org.springframework.ldap=debug

  3. Restart the service "CAST Imaging - login service".

  4. Login fails with the error "Incorrect username or password. please try again."

  5. Observe the exception below in loginservice.log (path: <Imaging-install-path>\logs).

[Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

 

 

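The error "PKIX path building failed" occurs during LDAPS authentication when the SSL certificate of the LDAP server is not present in the trust store of the embedded JDK used by Imaging. The JDK cannot build a certification path from the server's certificate to an entry it trusts, so the TLS handshake is aborted.

Perform the actions below to import the SSL certificate into the trust store.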

  1. Contact your IT team and get the SSL certificate of the LDAP server in .cer or .crt format.
  2. Navigate to the path "<Imaging-install-path>\jdk\bin" and open a command prompt.
  3. Run the command below.

     keytool -importcert -trustcacerts -file <certificate file> -keystore "<imagingsystem-install-path>\jdk\lib\security\cacerts" -storepass <password>

     <certificate file>: the path to the file containing the CER-encoded certificate

     <password>: password for the cacerts key store. The default password is "changeit"

  4. Restart the service "CAST Imaging - login service".
  5. If the above steps do not solve your issue, contact CAST Technical Support with the relevant input needed to reproduce the issue.
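
The import in steps 2 and 3, written as a PowerShell script that checks the certificate's SHA-256 fingerprint against a value confirmed by the IT team before trusting it, backs up cacerts, and confirms the new entry afterwards. This is an added example, not part of the original CAST article; the certificate path, the alias `ldaps-server` and the expected fingerprint are assumed placeholders.

```powershell
# Added example. Assumed/placeholder values: $CertFile, $Alias, $Expected.
$ImagingHome = '<Imaging-install-path>'      # install path placeholder used on this page
$CertFile    = 'C:\temp\ldap-server.cer'     # assumed location of the certificate file
$Alias       = 'ldaps-server'                # hypothetical alias; without -alias keytool uses "mykey"
$StorePass   = 'changeit'                    # default cacerts password, per the page
$Expected    = '<SHA-256 fingerprint confirmed by your IT team>'

$Keytool = Join-Path $ImagingHome 'jdk\bin\keytool.exe'
$CaCerts = Join-Path $ImagingHome 'jdk\lib\security\cacerts'

# 1. Fingerprint the certificate: SHA-256 over its DER encoding.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertFile
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
$want   = $Expected -replace '[:\s]', ''

"Subject : $($cert.Subject)"
"Issuer  : $($cert.Issuer)"
"Expires : $($cert.NotAfter)"
"SHA-256 : $actual"

# 2. Refuse to trust a certificate whose fingerprint was not confirmed out of band.
if ($actual -ne $want) {
    throw "Fingerprint mismatch: certificate not imported."
}

# 3. Keep a copy of the trust store so the change can be rolled back.
Copy-Item -Path $CaCerts -Destination "$CaCerts.bak" -ErrorAction Stop

# 4. Import under an explicit alias (the command from step 3, plus -alias and -noprompt).
& $Keytool -importcert -trustcacerts -noprompt -alias $Alias -file $CertFile `
    -keystore $CaCerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "keytool -importcert failed with exit code $LASTEXITCODE" }

# 5. Confirm the entry is now present in the trust store.
& $Keytool -list -alias $Alias -keystore $CaCerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' not found in $CaCerts" }
```

After the script completes, restart "CAST Imaging - login service" as in step 4 so the login service reloads the trust store.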

 

 

Ticket # 39083

 

 

 

 

 
