Expand my Community achievements bar.

What is the path to import certificates to enable SSL LDAP for AEM Forms 6.5?

Avatar

Level 2
Level 2
8/25/22 11:23:16 AM

I have AEM Forms 6.5 single server on Windows, and I need to enable SSL LDAP.  According to the configuration instructions, I executed the command below:

keytool -import -alias CERTALIAS -file "E:\certificates\MY CERT Expiration 6-13-25.crt" -keystore D:\Adobe\Adobe_Experience_Manager_Forms\jre\lib\security\cacerts

 

The path is where my AEM Forms installation resides.  After executing the command, I get these results:

Trust this certificate? [no]: y
Certificate was added to keystore

 

However, the configuration test fails, with this error

11:49:30,313 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-265) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.CommunicationException: server.dom.dom.dom:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Views

1.3K

Replies

8
Sign in to like this content

Total Likes

Translate
Translate
8 Replies

Avatar

Employee Advisor
Employee Advisor
8/25/22 9:30:56 PM

@coldwarsoldier 

I don't see any reason this test connection will fail as the certificate was added successfully. Are you able to list[0] the certificate as well?

A couple of quick checks:

- Is the AEM Forms server taking up the OOTB Java home under AEM Forms directory or something else? Usually it's under <C:\Program Files\Java\>.

- I see that the certificate was picked from a different directory (C: and D:) and the certificate name has spaces (although you have given the path in quotes). Do list the certificate to cross-check this one.

 

[0] - 

keytool -list -keystore cacerts -alias CERTALIAS

 

Views

1.3K

Replies

5
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
8/26/22 6:26:12 AM
In response to Pulkit_Jain_

Thank you Pulkit for your insight full help.  I successfully imported the certificates to all the Java keystores in my server:

"C:\Program Files\Java\jdk-11.0.15.1\lib\security\cacerts"

"C:\Program Files (x86)\Java\jre1.8.0_341\lib\security\cacerts"

D:\Adobe\Adobe_Experience_Manager_Forms\jre\lib\security\cacerts

The last path is where AEM Forms program is installed.  I also can list the certificates, when I execute this command:  

keytool -list -keystore cacerts -alias CERTALIAS

Yesterday before I left, I got a different error. Here is the error:

14:35:53,110 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-216) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.ServiceUnavailableException: server.dom.dom.com:636; socket closed

But today, I am back to the original error:

08:05:12,451 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-540) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.CommunicationException: server.dom.dom.com:636:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

 

Views

1.3K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
8/26/22 8:32:06 AM
In response to coldwarsoldier

@coldwarsoldier 

Multiple computer drives, so it's creating some confusion  

The new error msg looks a little off to me (e.g. - .... server.dom.dom.com:636:636 ....- two ports?) unless it's a typo.

Could you enable the debug logs for "com.adobe.idp.um" package and share the logs from the window of the test connection?

 

 

Views

1.3K

Replies

3
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
8/26/22 9:01:58 AM
In response to Pulkit_Jain_

I am even more confused,  hence my original questions.  I have been chasing my tail with this problem for over two days.

 

The 636:636 duplicate port is a copy and paste mistake on my part.

 

How do I enable debug for "com.adobe.idp.um" package? Is this done standalone.cong.bat or Adobe Experience Manager Web Console Bundles?  Can you please provide more details on how to enable?  Thanks.

Views

1.2K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
8/26/22 11:57:21 PM
In response to coldwarsoldier

@coldwarsoldier 

This should help - https://experienceleague.adobe.com/docs/experience-manager-learn/forms/troubleshooting/steps-to-enab... 

For a quick turnaround on this issue, I suggest you raise a ticket with support and get the settings reviewed over a screen share.

Views

1.2K

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
8/29/22 5:58:20 AM
In response to Pulkit_Jain_

Thank you Pulkit for all your help. I will open a support ticket.

Views

1.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM Administrator profile is missing in Admin console

Views

237

Likes

0

Replies

1
Livecycle forms not working with Screen reader

Views

420

Likes

0

Replies

11
AEM 6.5 SP21 org.apache.sling.security.impl.ReferrerFilter Rejected referrer header for POST request to /lc/content/xfaforms/profiles forbidden

Views

187

Likes

0

Replies

2
Cloud manager pipeline - PAT token -401 unauthorized to build maven artifacts

Views

303

Likes

0

Replies

3
AEM Forms Designer PDF Preview not showing data

Views

907

Likes

0

Replies

13