What is the path to import certificates to enable SSL LDAP for AEM Forms 6.5?

Level 2

I have AEM Forms 6.5 single server on Windows, and I need to enable SSL LDAP. According to the configuration instructions, I executed the command below:

keytool -import -alias CERTALIAS -file "E:\certificates\MY CERT Expiration 6-13-25.crt" -keystore D:\Adobe\Adobe_Experience_Manager_Forms\jre\lib\security\cacerts

The path is where my AEM Forms installation resides. After executing the command, I get these results:

Trust this certificate? [no]: y
Certificate was added to keystore

However, the configuration test fails with this error:

11:49:30,313 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-265) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.CommunicationException: server.dom.dom.dom:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

8 Replies

Employee Advisor

@coldwarsoldier 

I don't see any reason this test connection will fail as the certificate was added successfully. Are you able to list[0] the certificate as well?

A couple of quick checks:

- Is the AEM Forms server taking up the OOTB Java home under AEM Forms directory or something else? Usually it's under <C:\Program Files\Java\>.

- I see that the certificate was picked from a different directory (C: and D:) and the certificate name has spaces (although you have given the path in quotes). Do list the certificate to cross-check this one.

[0] - 

keytool -list -keystore cacerts -alias CERTALIAS

Level 2

Thank you Pulkit for your insightful help. I successfully imported the certificates to all the Java keystores in my server:

"C:\Program Files\Java\jdk-11.0.15.1\lib\security\cacerts"

"C:\Program Files (x86)\Java\jre1.8.0_341\lib\security\cacerts"

D:\Adobe\Adobe_Experience_Manager_Forms\jre\lib\security\cacerts

The last path is where the AEM Forms program is installed. I can also list the certificates when I execute this command:

keytool -list -keystore cacerts -alias CERTALIAS

Yesterday before I left, I got a different error. Here is the error:

14:35:53,110 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-216) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.ServiceUnavailableException: server.dom.dom.com:636; socket closed

But today, I am back to the original error:

08:05:12,451 INFO [com.adobe.idp.um.businesslogic.synch.LdapHelper] (default task-540) Following stacktrace is generated due to the Test LDAP Server Configuration action : javax.naming.CommunicationException: server.dom.dom.com:636:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Employee Advisor

@coldwarsoldier 

Multiple computer drives, so it's creating some confusion 🙂 

The new error msg looks a little off to me (e.g. - .... server.dom.dom.com:636:636 ....- two ports?) unless it's a typo.

Could you enable the debug logs for the "com.adobe.idp.um" package and share the logs from the window of the test connection?

Level 2

I am even more confused, hence my original questions. I have been chasing my tail with this problem for over two days.

The 636:636 duplicate port is a copy and paste mistake on my part.

How do I enable debug for the "com.adobe.idp.um" package? Is this done in standalone.conf.bat or Adobe Experience Manager Web Console Bundles? Can you please provide more details on how to enable it? Thanks.

Employee Advisor

@coldwarsoldier 

This should help - https://experienceleague.adobe.com/docs/experience-manager-learn/forms/troubleshooting/steps-to-enab... 

For a quick turnaround on this issue, I suggest you raise a ticket with support and get the settings reviewed over a screen share.
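
The two checks raised in this thread (which Java home and trust store the JVM really uses, and whether the LDAP server's certificate chain validates against that store) can be tested outside AEM Forms with a small program. This is an added example, not code from any poster or from Adobe; the class name LdapsTrustCheck is hypothetical. It assumes you run it with the java executable from the same Java home, and with the same -Djavax.net.ssl.* options, as the application server process.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical diagnostic class (not part of AEM Forms). Usage: java LdapsTrustCheck <host> [port]
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        // Which JRE is running, and is the trust store overridden by a system property?
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("javax.net.ssl.trustStore = " + System.getProperty(
            "javax.net.ssl.trustStore", "(unset: jssecacerts, then cacerts, under java.home)"));

        // Load the JVM's default trust managers (honours javax.net.ssl.trustStore if set).
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jvmDefault = (X509TrustManager) tmf.getTrustManagers()[0];
        System.out.println("trusted CA entries = " + jvmDefault.getAcceptedIssuers().length);
        // Record the chain the server presents, then delegate to the default validation.
        final X509Certificate[][] presented = new X509Certificate[1][];
        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                jvmDefault.checkClientTrusted(c, t);
            }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                presented[0] = c;
                jvmDefault.checkServerTrusted(c, t);
            }
            public X509Certificate[] getAcceptedIssuers() { return jvmDefault.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("handshake OK: chain validates against this JVM's trust store");
        } catch (SSLHandshakeException e) {
            System.out.println("handshake FAILED: " + e.getMessage());
        }
        if (presented[0] != null) {
            for (X509Certificate c : presented[0]) {
                System.out.println("subject=" + c.getSubjectX500Principal()
                    + " | issuer=" + c.getIssuerX500Principal() + " | notAfter=" + c.getNotAfter());
            }
        }
    }
}
```

If the handshake fails here too, compare the issuer of the last certificate printed with the subject of the certificate imported under CERTALIAS; the program checks path validation only, not host name matching.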