Hi there,
I try to connect from Confluence 7.1 to our LDAPS-Server and the server always throws the error message :
Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: pnw.loc:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: critical policy qualifiers present in certificate]]
I imported our root-ca, sub-ca, server-cert and ldaps-cert into the only truststore from the Confluence 7.1 installation and checked the ssl connection via SSL Poke
E:\Confluence-home\jre\bin>java.exe SSLPoke adldaps.pnw.loc 636
Successfully connected
This works... but as you can see from the error message COnfluence wants to connect to "pnw.loc 636". When I try that with SSLPoke
E:\Confluence-home\jre\bin>java.exe SSLPoke pnw.loc 636
sun.security.validator.ValidatorException: PKIX path validation failed: java.sec
urity.cert.CertPathValidatorException: critical policy qualifiers present in cer
tificate
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:36
2)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav
a:259)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.j
ava:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerIm
pl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMan
agerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:1621)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
a:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
java:1367)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
at SSLPoke.main(SSLPoke.java:31)
Caused by: java.security.cert.CertPathValidatorException: critical policy qualif
iers present in certificate
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(P
KIXMasterCertPathValidator.java:135)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCer
tPathValidator.java:233)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCer
tPathValidator.java:141)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(P
KIXCertPathValidator.java:80)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:
292)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:35
7)
... 15 more
Caused by: java.security.cert.CertPathValidatorException: critical policy qualif
iers present in certificate
at sun.security.provider.certpath.PolicyChecker.processPolicies(PolicyCh
ecker.java:487)
at sun.security.provider.certpath.PolicyChecker.checkPolicy(PolicyChecke
r.java:225)
at sun.security.provider.certpath.PolicyChecker.check(PolicyChecker.java
:180)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(P
KIXMasterCertPathValidator.java:125)
... 20 moreyou see??
I had a look at the config-DB and the LDAP-server is set correctly (adldaps.pnw.loc).
I asked Atlassian.... and they asked me to ask you...
Anyone an idea?
Kind Regards
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.