
What is the path to import certificates to enable SSL LDAP for AEM Forms 6.5?


Level 2

I have AEM Forms 6.5 single server on Windows, and I need to enable SSL LDAP.  According to the configuration instructions, I executed the command below:

keytool -import -alias CERTALIAS -file "E:\certificates\MY CERT Expiration 6-13-25.crt" -keystore D:\Adobe\Adobe_Experience_Manager_Forms\jre\lib\security\cacerts


The path is where my AEM Forms installation resides.  After executing the command, I get these results:

Trust this certificate? [no]: y
Certificate was added to keystore


However, the configuration test fails with this error:

11:49:30,313 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-265) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.CommunicationException: server.dom.dom.dom:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

8 Replies


Employee Advisor


Level 2

I am using the AEM 6.5 Forms guide instructions below, but it is not working.




Employee Advisor


I don't see any reason this test connection will fail as the certificate was added successfully. Are you able to list[0] the certificate as well?

A couple of quick checks:

- Is the AEM Forms server taking up the OOTB Java home under AEM Forms directory or something else? Usually it's under <C:\Program Files\Java\>.

- I see that the certificate was picked from a different directory (C: and D:) and the certificate name has spaces (although you have given the path in quotes). Do list the certificate to cross-check this one.


[0] - 

keytool -list -keystore cacerts -alias CERTALIAS
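
The two checks above (which Java home the server really uses, and whether the alias is in that JVM's store) can be combined into one script; this is an added example, not part of the original thread. It assumes the alias `CERTALIAS` used in the thread, the JDK default store password `changeit`, and that the server runs as a `java.exe` process.

```powershell
# Added example, not from the thread. Assumptions: alias CERTALIAS as used above,
# the JDK default store password "changeit", and a server running as java.exe.
$Alias     = 'CERTALIAS'
$StorePass = 'changeit'

$procs = Get-CimInstance Win32_Process -Filter "Name = 'java.exe'"
if (-not $procs) { Write-Warning 'No java.exe process found; start the server first.' }

foreach ($p in $procs) {
    if (-not $p.ExecutablePath) {
        Write-Warning "PID $($p.ProcessId): path not readable, rerun elevated."
        continue
    }
    $binDir   = Split-Path $p.ExecutablePath -Parent
    $javaHome = Split-Path $binDir -Parent

    # JSSE lookup order: -Djavax.net.ssl.trustStore, then jssecacerts, then cacerts.
    if ($p.CommandLine -match '-Djavax\.net\.ssl\.trustStore=("[^"]+"|[^\s"]+)') {
        $store = $Matches[1].Trim('"')
    } else {
        # JDK 8 keeps its runtime under <home>\jre; a JRE or JDK 9+ does not.
        $candidates = foreach ($base in "$javaHome\jre", $javaHome) {
            "$base\lib\security\jssecacerts"
            "$base\lib\security\cacerts"
        }
        $store = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
    }

    Write-Host "PID $($p.ProcessId)  java: $($p.ExecutablePath)"
    Write-Host "  trust store consulted: $store"
    if (-not $store -or -not (Test-Path $store)) {
        Write-Warning '  trust store path could not be resolved; inspect the command line.'
        continue
    }

    # Use the keytool that ships beside this java.exe, against this store only.
    $keytool = Join-Path $binDir 'keytool.exe'
    & $keytool -list -keystore $store -storepass $StorePass -alias $Alias 2>&1 | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "  alias '$Alias' is present"
    } else {
        Write-Warning "  alias '$Alias' not listed (absent, or store password differs)"
    }
}
```

A running JVM does not pick up later changes to its default trust store, so restart the server after an import. The alias being present only confirms the certificate is in the store this JVM reads; the PKIX error persists if that certificate is not an issuer in the LDAP server's chain.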



Level 2

Thank you Pulkit for your insightful help. I successfully imported the certificates to all the Java keystores in my server:

"C:\Program Files\Java\jdk-\lib\security\cacerts"

"C:\Program Files (x86)\Java\jre1.8.0_341\lib\security\cacerts"


The last path is where AEM Forms program is installed.  I also can list the certificates, when I execute this command:  

keytool -list -keystore cacerts -alias CERTALIAS

Yesterday before I left, I got a different error. Here is the error:

14:35:53,110 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-216) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.ServiceUnavailableException: server.dom.dom.com:636; socket closed

But today, I am back to the original error:

08:05:12,451 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-540) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.CommunicationException: server.dom.dom.com:636:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]



Employee Advisor


Multiple computer drives, so it's creating some confusion  

The new error msg looks a little off to me (e.g. - .... server.dom.dom.com:636:636 ....- two ports?) unless it's a typo.

Could you enable the debug logs for "com.adobe.idp.um" package and share the logs from the window of the test connection?




Level 2

I am even more confused, hence my original questions. I have been chasing my tail with this problem for over two days.


The 636:636 duplicate port is a copy and paste mistake on my part.


How do I enable debug for the "com.adobe.idp.um" package? Is this done in standalone.conf.bat or in Adobe Experience Manager Web Console Bundles? Can you please provide more details on how to enable it? Thanks.


Employee Advisor


This should help - https://experienceleague.adobe.com/docs/experience-manager-learn/forms/troubleshooting/steps-to-enab... 

For a quick turnaround on this issue, I suggest you raise a ticket with support and get the settings reviewed over a screen share.


Level 2

Thank you Pulkit for all your help. I will open a support ticket.