This conversation has been locked due to inactivity. Please create a new post.
 
     
     
    
            
          
This conversation has been locked due to inactivity. Please create a new post.
           
        
I have AEM Forms 6.5 single server on Windows, and I need to enable SSL LDAP. According to the configuration instructions, I executed the command below:
keytool -import -alias CERTALIAS -file "E:\certificates\MY CERT Expiration 6-13-25.crt" -keystore D:\Adobe\Adobe_Experience_Manager_Forms\jre\lib\security\cacerts
The path is where my AEM Forms installation resides. After executing the command, I get these results:
Trust this certificate? [no]: y
Certificate was added to keystore
However, the configuration test fails, with this error
11:49:30,313 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-265) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.CommunicationException: server.dom.dom.dom:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Views
Replies
Total Likes
          
        
           
        
I am using the AEM 6.5 Forms guide instructions below, but it is not working
          
        
I don't see any reason this test connection will fail as the certificate was added successfully. Are you able to list[0] the certificate as well?
A couple of quick checks:
- Is the AEM Forms server taking up the OOTB Java home under AEM Forms directory or something else? Usually it's under <C:\Program Files\Java\>.
- I see that the certificate was picked from a different directory (C: and D:) and the certificate name has spaces (although you have given the path in quotes). Do list the certificate to cross-check this one.
[0] -
keytool -list -keystore cacerts -alias CERTALIAS
           
        
Thank you Pulkit for your insight full help. I successfully imported the certificates to all the Java keystores in my server:
"C:\Program Files\Java\jdk-11.0.15.1\lib\security\cacerts"
"C:\Program Files (x86)\Java\jre1.8.0_341\lib\security\cacerts"
D:\Adobe\Adobe_Experience_Manager_Forms\jre\lib\security\cacerts
The last path is where AEM Forms program is installed. I also can list the certificates, when I execute this command:
keytool -list -keystore cacerts -alias CERTALIASYesterday before I left, I got a different error. Here is the error:
14:35:53,110 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-216) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.ServiceUnavailableException: server.dom.dom.com:636; socket closed
But today, I am back to the original error:
08:05:12,451 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-540) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.CommunicationException: server.dom.dom.com:636:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
          
        
Multiple computer drives, so it's creating some confusion 🙂
The new error msg looks a little off to me (e.g. - .... server.dom.dom.com:636:636 ....- two ports?) unless it's a typo.
Could you enable the debug logs for "com.adobe.idp.um" package and share the logs from the window of the test connection?
           
        
I am even more confused, hence my original questions. I have been chasing my tail with this problem for over two days.
The 636:636 duplicate port is a copy and paste mistake on my part.
How do I enable debug for "com.adobe.idp.um" package? Is this done standalone.cong.bat or Adobe Experience Manager Web Console Bundles? Can you please provide more details on how to enable? Thanks.
          
        
This should help - https://experienceleague.adobe.com/docs/experience-manager-learn/forms/troubleshooting/steps-to-enab...
For a quick turnaround on this issue, I suggest you raise a ticket with support and get the settings reviewed over a screen share.
           
        
Thank you Pulkit for all your help. I will open a support ticket.
