fgmiller asked: Blackboard SSL and AD
We have a Blackboard LMS. Blackboard has 3 mechanisms for authentication: 1) Built-in, 2) LDAPS and 3) StartTLS. Blackboard uses Tomcat for its webserver, so I have an InCommon certificate installed. It works great and is valid for another 2 years. I forgot to mention that we are running Blackboard on Windows Server 2012. It is connected to the domain and is NATed. Our Domain Controller is Active Directory running on Server 2012. We set up an internal Windows CA and used it to generate a certificate for AD. We have two Barracuda load balancers also. When I configure Blackboard to use LDAPS pointing to the load balancers it works fine. Blackboard recommends StartTLS. My network admin doesn't want people from the outside hitting the load balancers to authenticate from AD on port 389 (an unsecured port). He has me trying to use AD directly. When I configure BB to use StartTLS and point it to AD it always fails. BB has a "test your connection" feature, so this is how I know. This is the error I get:
javax.naming.NamingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I was wondering if anyone might have a suggestion. I took the certificate from AD and imported it into the JDK's lib/cacerts keystore but I still get the same error.
ASKER
Thanks for the reply.
I have the root/intermediate and client cert installed on the Blackboard server. My AD admins tell me that since the Windows CA is internal, the certificate it issued for AD is it; there is no root or intermediate. I imported the certificate issued to AD into BB Tomcat's JDK cacerts keystore and restarted Tomcat. This is on our test server.
I use the same FQDN to access Blackboard from inside or out. There haven't been any certificate issues that I know of.
ASKER
I found an article with the solution and tried it and it worked.
The error is telling you the certpath is still not valid / trusted.
Have you imported / trusted the internal root cert from the client machine? Can you verify the path again from the client machine?
If it's NATed, are you still using the FQDN to access it internally and externally, with no cert issues en route?
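The reply above is about certificate path building, which is exactly what the `SunCertPathBuilderException` in the question names: the JVM could not walk from the certificate the domain controller presented to any trust anchor in its keystore. The Go program below is an added example, not code from the thread, from Blackboard or from the JDK; it models the same check in memory so the two outcomes can be compared without touching a real AD. It constructs an internal root CA (standing in for the Windows CA) and a server certificate it issued to a made-up DC name `dc1.example.internal`, then verifies that certificate against an empty truststore, against one holding the root, and against the wrong hostname. `isSelfSigned` answers the "is there even a root?" question from the asker's post: a certificate whose issuer equals its subject is the root; a DC certificate issued by the internal CA is not, so the CA's own certificate is the one the truststore needs.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// testPKI: a constructed internal (Windows-CA-style) root and the DC cert it issued.
type testPKI struct {
	Root *x509.Certificate
	Leaf *x509.Certificate
}

// issue generates a key for tpl, gives it a day of validity and signs it under parent
// with signer's key (self-signed when signer is nil); returns the parsed cert and key.
func issue(tpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	tpl.NotBefore, tpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newTestPKI builds a self-signed root and a server certificate for dnsName
// signed by that root; everything is constructed in memory for this example.
func newTestPKI(dnsName string) (*testPKI, error) {
	rootTpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Internal Root CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	root, rootKey, err := issue(rootTpl, rootTpl, nil)
	if err != nil {
		return nil, err
	}
	leafTpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: dnsName},
		DNSNames: []string{dnsName}, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leaf, _, err := issue(leafTpl, root, rootKey)
	if err != nil {
		return nil, err
	}
	return &testPKI{Root: root, Leaf: leaf}, nil
}

// verifyServerCert does what the JDK's PKIX builder does against cacerts: build a
// path from the presented certificate to a trusted anchor, then check the hostname.
func verifyServerCert(leaf *x509.Certificate, trusted []*x509.Certificate, dnsName string) error {
	pool := x509.NewCertPool() // empty, not nil, so system roots are never consulted
	for _, c := range trusted {
		pool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: dnsName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

// isUnknownAuthority: Go's counterpart of "unable to find valid certification path".
func isUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

// isSelfSigned answers "is there a root at all?": a root CA is its own issuer.
func isSelfSigned(c *x509.Certificate) bool {
	return bytes.Equal(c.RawSubject, c.RawIssuer)
}

func main() {
	const dc = "dc1.example.internal" // constructed; stands in for the real DC FQDN
	p, err := newTestPKI(dc)
	if err != nil {
		panic(err)
	}
	fmt.Println("DC cert self-signed:", isSelfSigned(p.Leaf), "| root self-signed:", isSelfSigned(p.Root))
	fmt.Println("empty truststore:", verifyServerCert(p.Leaf, nil, dc))
	fmt.Println("root trusted:", verifyServerCert(p.Leaf, []*x509.Certificate{p.Root}, dc))
	fmt.Println("wrong name:", verifyServerCert(p.Leaf, []*x509.Certificate{p.Root}, "other.example.internal"))
}
```

Run with `go run .`: the first verification reports an unknown authority (the PKIX path failure from the question), the second succeeds once the root is trusted, and the third fails only on the hostname, which is a different error from the one in the thread. The practical check this points to is the one in the reply above: export the internal CA's own certificate, import it into the cacerts of the JRE that Tomcat actually runs under, and confirm from that machine that the DC name used in the StartTLS connection is the one in the DC certificate.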