Error -
ested fault: simple bind failed: devad.mycompay.com:636: javax.naming.CommunicationException: simple bind failed: devad.mycompay.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) at javax.naming.InitialContext.init(InitialContext.java:223) at javax.naming.InitialContext.<init>(InitialContext.java:197) at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82) at com.vordel.common.ldap.LdapLookup$CachedContext.<init>(LdapLookup.java:239) at com.vordel.common.ldap.LdapLookup$ContextCache.factory(LdapLookup.java:255) at com.vordel.common.ldap.LdapLookup$ContextCache.factory(LdapLookup.java:247) at com.vordel.system.PoolCache.hold(PoolCache.java:37) at com.vordel.common.ldap.LdapLookup$InContext.runCached(LdapLookup.java:176) at com.vordel.common.ldap.LdapLookup$InContext.run(LdapLookup.java:158) at com.vordel.common.ldap.LdapLookup.search(LdapLookup.java:540) at com.vordel.common.ldap.LdapLookup.search(LdapLookup.java:505) at com.vordel.circuit.attribute.AttribLdapLookup.getAttributes(AttribLdapLookup.java:155) at com.vordel.circuit.attribute.AttributeExtractLdapProcessor.getAttributes(AttributeExtractLdapProcessor.java:122) at com.vordel.circuit.attribute.AttributeExtractBaseProcessor.invoke(AttributeExtractBaseProcessor.java:149) at com.vordel.circuit.InvocationEngine.invokeFilter(InvocationEngine.java:160) at com.vordel.circuit.InvocationEngine.invokeCircuit(InvocationEngine.java:52) at com.vordel.circuit.InvocationEngine.processMessage(InvocationEngine.java:241) at com.vordel.circuit.SyntheticCircuitChainProcessor.invoke(SyntheticCircuitChainProcessor.java:36) at com.vordel.dwe.http.HTTPPlugin.invokeDispose(HTTPPlugin.java:300) at com.vordel.dwe.http.HTTPPlugin.invoke(HTTPPlugin.java:166) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:753) at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75) at java.io.BufferedInputStream.fill(BufferedInputStream.java:218) at java.io.BufferedInputStream.read1(BufferedInputStream.java:258) at java.io.BufferedInputStream.read(BufferedInputStream.java:317) at com.sun.jndi.ldap.Connection.run(Connection.java:808) at java.lang.Thread.run(Thread.java:662) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185) ... 12 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318) ... 18 more
Solution
1. Add the Root certificate of the Active Directory in java keystore cacerts . Keystore cacerts is located in following directory.
/opt/oracle/OAG-11.1.2.1.0/apigateway/Linux.x86_64/jre/lib/security/
Command to import -
keytool -import -trustcacerts -alias ADRoot -file CelgeneCertificates/RootIntCA.cer -keystore cacerts
2.
Restarts the gateway servers
Start Admin Node Manager:
/opt/oracle/OAG-11.1.2.1.0/apigateway/posix/bin/nodemanager -d
Stop:
/opt/oracle/OAG-11.1.2.1.0/apigateway/posix/bin/nodemanager -k
Stop API Gateway Server
/opt/oracle/OAG-11.1.2.1.0/apigateway/posix/bin/startinstance -g "DevGroup1" -n "DevGateway1" -k
/opt/oracle/OAG-11.1.2.1.0/apigateway/posix/bin/startinstance -g "DevGroup1" -n "DevGateway1" -d
