Spring security, ssl ldap and no certificate

10,682

It sounds like the certificate of the LDAP server is just self-cert rather than invalid.

To me the simplest solution would be to get that certificate and add it to the cacerts trust store in java. Once that's done the code will run without any modifications.

To get the certificate from the server:

$ openssl s_client -showcerts -connect ldapserver:636

The output will contain a number of entries delimited with

-----BEGIN CERTIFICATE-----
aklfhskfadljasdl1340234234ASDSDFSDFSDFSDFSD
....
-----END CERTIFICATE-----

Copy the last certificate entry into a file (ldapca.crt).

Then, add it to the java keystore in $JRE_HOME/lib/security

$ cd $JRE_HOME/lib/security
$ keytool -import -alias ldapca_self_sign -keystore cacerts -storepass changeit -file ldapca.crt

That means, you'll trust the certificate on the LDAP server and are using SSL correctly in your test environment (rather than having some custom code to switch off part of SSL checking).

Once you've done that (once) your code should run without any modifications.

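As an added example (not code from the answer above or from the asker), the following POSIX shell script automates the two steps the answer describes: it isolates the last PEM block from the output of openssl s_client -showcerts and imports that file into a Java truststore with keytool. The sample s_client output is constructed, and the host name, temporary file paths, alias name and the -noprompt flag are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not part of the original answer.
# Host/port, file paths and alias names below are illustrative assumptions.

# extract_last_cert INPUT_FILE OUTPUT_FILE
# Keeps only the final -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
# block. In `openssl s_client -showcerts` output the blocks appear in chain
# order, so the last one is the highest certificate the server sent
# (the self-signed CA, or the server cert itself when it is self-signed).
extract_last_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { buf = ""; inblock = 1 }
        inblock                       { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/   { inblock = 0; last = buf }
        END                           { printf "%s", last }
    ' "$1" > "$2"
}

# Constructed stand-in for s_client -showcerts output. The base64 bodies are
# placeholders, not real certificates.
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = ldapserver
   i:CN = Test LDAP CA
-----BEGIN CERTIFICATE-----
SERVERCERTBASE64LINE1
SERVERCERTBASE64LINE2
-----END CERTIFICATE-----
 1 s:CN = Test LDAP CA
   i:CN = Test LDAP CA
-----BEGIN CERTIFICATE-----
CACERTBASE64LINE1
CACERTBASE64LINE2
-----END CERTIFICATE-----
---
EOF
}

# fetch_and_import HOST PORT ALIAS TRUSTSTORE STOREPASS
# Runs the answer's two commands end to end. Needs network access plus the
# openssl and keytool binaries, so it is not exercised by the test below.
fetch_and_import() {
    host="$1"; port="$2"; alias="$3"; store="$4"; pass="$5"
    workdir=$(mktemp -d)
    # </dev/null closes stdin so s_client exits once the handshake is done
    openssl s_client -showcerts -connect "$host:$port" </dev/null 2>/dev/null \
        > "$workdir/s_client.out"
    extract_last_cert "$workdir/s_client.out" "$workdir/ldapca.crt"
    # -noprompt skips the interactive "Trust this certificate?" question;
    # compare the fingerprint with the LDAP admin before relying on it.
    keytool -import -noprompt -alias "$alias" -keystore "$store" \
        -storepass "$pass" -file "$workdir/ldapca.crt"
}

# Typical invocation (assumed values):
#   fetch_and_import ldapserver 636 ldapca_self_sign \
#       "$JRE_HOME/lib/security/cacerts" changeit
```

Importing only the last block keeps the truststore change as narrow as possible: the JVM trusts that one issuer, and path validation stays switched on, which is the point the answer makes about not patching out SSL checks in code. The default cacerts password is changeit; on a shared JRE, change it or import into a dedicated truststore passed via javax.net.ssl.trustStore instead.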
Author: Jerome Cance

Father, diver, technology enthusiast and Product Manager @CodinGame

Updated on June 04, 2022

Comments

  • Jerome Cance, over 1 year ago

    I use Spring Security to manage login. I've configured Spring Security to connect to an LDAP server which is secured with SSL (ldaps).

    This server is a test server and has no valid certificate. When I try to test the login, Spring Security complains that the certificate cannot be verified (of course!):

    sun.security.validator.ValidatorException: PKIX path building failed: 
    sun.security.provider.certpath.SunCertPathBuilderException: unable to find
     valid certification path to requested target
    

    My question is simple: I don't want to manage any kind of certificate, I would like to deactivate the certificate check and keep using an SSL LDAP. How can I do that?