CA Directory Management UI Login failed with certificate error in logs

Document ID : KB000008870
Last Modified Date : 14/02/2018
Issue:

After setting up high availability for the Directory Management UI as specified in the documentation,
you get the error "Login failed" when trying to log in to the Admin UI.

 

The log shows certificate errors similar to these:

...: authenticating user against server \"ldaps://GIG-APP20-O:10389\"","timestamp":"2017-11-07T13:36:34.506Z"}
{"level":"error","message":"Authenticating user \"Admin\" ...: Connection error when trying to connect to LDAP server, error: Error: self signed certificate in certificate chain","timestamp":"2017-11-07T13:36:34.560Z"}
{"level":"info","message":"Authenticating user \"Admin\" ...: authenticating user against server \"ldaps://GIG-APP21-O:10389\"","timestamp":"2017-11-07T13:36:34.564Z"}
{"level":"error","message":"Authenticating user \"Admin\" ...: Connection error when trying to connect to LDAP server, error: Error: self signed certificate in certificate chain","timestamp":"2017-11-07T13:36:34.631Z"}

Environment:
CA Directory 12.6
Cause:

You may be experiencing a known issue (fixed in a later release) with the order in which the certificates are listed in the trusted.pem file.

Resolution:

To resolve this problem, open the file <DXHOME>\config\ssld\trusted.pem.
The trusted.pem file contains multiple CA certificates that are concatenated together.

Now, move the certificate with subject "C=AU, O=DXCertGenPKI, CN=DXCertGenCA" to the top.

Be careful when editing: cut the entire entry, from the header "Certificate:" that starts the textual description through the end of the Base64-encoded certificate, "-----END CERTIFICATE-----".

Then paste it at the top of the file. Do this for all DSAs (GIG-APP20-O:10389 and GIG-APP21-O:10389, for example) listed in the error messages.

Then restart the DSAs and Mgmt UI Server and try to log in.
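
The reordering described above can be scripted instead of done by hand. The following is an added example, not CA-supplied code; the function names are hypothetical, and it assumes each entry carries a textual description with a "Subject:" line, as the article describes.

```python
import re

TARGET = "C=AU, O=DXCertGenPKI, CN=DXCertGenCA"  # subject named in the article
END = "-----END CERTIFICATE-----"

def norm(dn):
    # OpenSSL versions print "C=AU, O=..." or "C = AU, O = ..."; ignore the spacing
    return re.sub(r"\s*([=,])\s*", r"\1", dn.strip())

def split_entries(text):
    # One entry = optional "Certificate:" description plus its Base64 block,
    # closed by the END CERTIFICATE line.
    entries, cur = [], []
    for line in text.splitlines():
        if not cur and not line.strip():
            continue  # blank line between entries
        cur.append(line)
        if line.strip() == END:
            entries.append("\n".join(cur) + "\n")
            cur = []
    if cur:
        raise ValueError("text after the last END CERTIFICATE line")
    return entries

def subject_of(entry):
    # Read the Subject line only: certificates issued by this CA carry the
    # same DN on their Issuer line and must not be picked.
    m = re.search(r"^\s*Subject:\s*(.+)$", entry, re.M)
    return norm(m.group(1)) if m else None

def move_to_top(text, subject=TARGET):
    entries = split_entries(text)
    hits = [i for i, e in enumerate(entries) if subject_of(e) == norm(subject)]
    if len(hits) != 1:
        raise ValueError(f"expected one matching certificate, found {len(hits)}")
    first = entries.pop(hits[0])
    return "".join([first] + entries)

# Constructed sample (placeholder Base64, not real certificates), wrong order.
SAMPLE = """Certificate:
        Issuer: C=AU, O=DXCertGenPKI, CN=DXCertGenCA
        Subject: C=AU, O=DXCertGenPKI, CN=constructed-leaf
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItQQ==
-----END CERTIFICATE-----
Certificate:
        Issuer: C = AU, O = DXCertGenPKI, CN = DXCertGenCA
        Subject: C = AU, O = DXCertGenPKI, CN = DXCertGenCA
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItQg==
-----END CERTIFICATE-----
"""
```

Run `move_to_top` on the contents of a copy of trusted.pem and keep the original file until the login works; the function refuses to return a result if it finds zero or more than one matching certificate.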