NX_CMDB_VISUALIZER environment variable on secondary servers is overwritten on services startup

Document ID : KB000017730
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Binding to the LDAP fails when attempting to test the LDAPS connection with the SSO utility with the following error message:

Could not obtain a DirectoryContext.
javax.naming.CommunicationException: simple bind failed: <ldap server name>:636 [Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find validcertification path to requested target]

Bind to the directory failed.

Solution:

  1. Make sure the certificate is imported into the correct java keystore:

    1. Import the certificate into the Java Trusted Certificates keystore using the following command:

      keytool -importcert -keystore installDirectory/jre/ lib/security/cacerts -storepass cacertspasswd -alias alias -file filename.cer
      keystore : he location of the keystore file (.ks).
      cacertspasswd : Specifies the password for the cacerts keystore. Default: changeit
      filename.cer : The filename of the certificate.

    2. Create a backup of the cacerts file.

    3. (Optional) For more security, change the password of the java trusted

      certificates keystore using the following command:
      keytool -storepasswd -keystore installDirectory/ jre/lib/security/cacerts
      You are prompted to provide the existing password and the new password.

    4. Verify that your imported certificate is available. Use the following

      command:
      keytool -list -keystore

  2. Other JRE's not installed by the product may cause conflicts with the keystore. If that is the case uninstall JRE's that are not part of the product's installation.