A customer of mine has an Oracle PeopleSoft application at the root domain (example: domain.local). All their users are located in a child domain (example: child.domain.local).
They want to implement Secure LDAP for authentication. I have enabled Secure LDAP on the child domain with a self-signed server cert for testing purposes.
Now the questions are:
1. The customer has a root domain wildcard publicly signed cert. According to the CA, the current root domain wildcard cert is usable for the child domain as well, but when I try with the LDP tool, the query fails.
If I use the CA-signed wildcard root cert, I am not able to query it on port 636 with the LDP tool, but if I use the self-signed cert, the query passes.
2. If I use the self-signed cert, from the AD server itself I get the correct test result with the LDP.exe tool, but from the application side the authentication fails.
The error is: "APPSRV.1300 (4344) [08/23/16 10:24:25 username@client IP (Safari 537.36; WIN7) ICPanel](3) LDAP Error Message : javax.naming.CommunicationException: simple bind failed: server Ip address:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain]"
I googled and found that Oracle itself also requires the signed cert to be uploaded, but I will leave that to their apps folks to do.
3. Can the root domain wildcard be used for such an implementation? Is there any article I can refer to?
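As an added diagnostic example (not from the original post or from Oracle/Microsoft), the following Python script separates the two failure modes the post runs into: a hostname check, where a wildcard such as `*.domain.local` stands for exactly one DNS label and so covers `dc1.domain.local` but not `dc1.child.domain.local`; and a chain-trust check, where a self-signed DC certificate must be in the client's trust store or the handshake fails with an untrusted-chain error like the Java one quoted above. The host names, port and `cafile` path are assumptions for illustration.

```python
import socket
import ssl
from typing import Iterable, Optional


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style matching: '*' stands for one whole leftmost label only.

    '*.domain.local' matches 'dc1.domain.local' but NOT 'dc1.child.domain.local',
    which is why a root-domain wildcard does not cover a child-domain DC.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans an extra sub-domain level
    if p_labels[0] == "*":
        return h_labels[0] != "" and h_labels[1:] == p_labels[1:]
    return p_labels == h_labels


def cert_covers_host(san_dns_names: Iterable[str], hostname: str) -> bool:
    """True if any SAN dNSName on the certificate covers the DC host name."""
    return any(wildcard_matches(name, hostname) for name in san_dns_names)


def ldaps_probe(host: str, port: int = 636, cafile: Optional[str] = None) -> str:
    """Open a fully verified TLS session to an LDAPS port and report which
    check fails, the same checks a Java client makes before a simple bind.

    cafile: PEM bundle the client trusts (assumed path). A self-signed DC
    certificate must be in it, otherwise the chain is rejected as untrusted.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # verify chain + hostname
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                return f"OK: server presented SANs {sans}"
    except ssl.SSLCertVerificationError as exc:
        # e.g. "self-signed certificate" (trust) or "Hostname mismatch" (name)
        return f"VERIFY FAILED: {exc.verify_message}"
    except (OSError, ssl.SSLError) as exc:
        return f"CONNECT/TLS FAILED: {exc}"


if __name__ == "__main__":
    # Assumed child-domain DC name; run with the bundle the app trusts.
    print(ldaps_probe("dc1.child.domain.local", cafile="/path/to/trusted.pem"))
```

Run `ldaps_probe` once with the CA bundle that signed the wildcard cert and once with the self-signed DC cert exported to PEM; a "Hostname mismatch" result points at the wildcard scope, an untrusted or self-signed result points at the client's trust store.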