We have a Blackboard LMS. Blackboard has 3 mechanisms for authentication 1) Builtin 2) LDAPS and 3) StartTLS . Blackboard uses Tomcat for its webserver so I have an InCommon certificate installed. It works great and is valid for another 2 years. I forgot to mention that we are running Blackboard on Windows Server 2012. It is connected to the domain and is natted. Our Domain Controller is Active directory running on Server 2012. We set up an internal windows CA and used it to generate a certificate for AD. We have two Barracuda Load balancers also. When I configure Blackboard to use ldaps pointing to the load balancers it works fine. Blackboard recommends StartTLS. My network admin doesn't want people from the outside hitting the loadbalancers to authenticate from AD on port 389 (an unsecured port) He has me trying to use AD directly. When I configure BB to use startTLS and point it to AD it always fails. BB has a test your connection feature so this is how I know. This is the error I get:
javax.naming.NamingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I was wondering if anyone might have a suggestion. I took the certificate from AD and imported it into the JDK's lib/cacerts keystore but I still get the same error.