LDAP: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:

Issue

You are getting the stacktrace below:

15:57:48,252 WARNING [hudson.security.LDAPSecurityRealm] (Handling GET /jenkins/ from 127.0.0.1 : http-/X.X.X.X:8080-1) Failed to search LDAP for username=userNAME: org.acegisecurity.ldap.LdapDataAccessException: Unable to connect to LDAP server; nested exception is javax.naming.CommunicationException: simple bind failed: ldap.host.com:PORT [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Environment

  • CloudBees Jenkins Enterprise
  • LDAP

Resolution

The problem is the PKIX error: Java cannot find a valid certification path to the LDAP server's certificate. Do you have a self-signed certificate or one signed by your own CA? If so, you might need to add it to the new JDK's cacerts file, located in JAVA_HOME/jre/lib/security for the JDK installation, or JAVA_HOME/lib/security for the JRE installation. This could explain why you have no issues with older JDK versions but do with the new version. You would need to run the keytool -import command with your LDAP server's certificate.
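One way to script that import, as an added example that is not part of the original article: it finds the cacerts file in either location named above, shows the certificate so its fingerprints can be checked against a trusted source, and backs up the truststore before importing. The function names, the STOREPASS variable, the .bak backup name and the default "changeit" store password are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed: the certificate is
# already saved as a PEM file obtained from your LDAP or CA administrator.

# Print the cacerts path for a Java home, checking both locations the
# article names: jre/lib/security (JDK) and lib/security (JRE).
find_cacerts() {
    for dir in "$1/jre/lib/security" "$1/lib/security"; do
        if [ -f "$dir/cacerts" ]; then
            printf '%s\n' "$dir/cacerts"
            return 0
        fi
    done
    echo "no cacerts file found under $1" >&2
    return 1
}

# Usage: import_ldap_cert JAVA_HOME CERT_FILE ALIAS
import_ldap_cert() {
    java_home=$1; cert=$2; cert_alias=$3
    storepass=${STOREPASS:-changeit}   # assumed default truststore password
    keytool="$java_home/bin/keytool"
    store=$(find_cacerts "$java_home") || return 1
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }

    # Show owner, issuer, validity and fingerprints. Compare the fingerprints
    # with values from a trusted source: an imported entry is a trust anchor.
    "$keytool" -printcert -file "$cert" || return 1

    # Refuse to replace an existing entry with the same alias.
    if "$keytool" -list -keystore "$store" -storepass "$storepass" \
            -alias "$cert_alias" >/dev/null 2>&1; then
        echo "alias $cert_alias already exists in $store" >&2
        return 1
    fi

    # Keep a copy of the truststore so the change can be rolled back.
    cp -p "$store" "$store.bak" || return 1
    # No -noprompt: keytool asks for confirmation before trusting the cert.
    "$keytool" -importcert -alias "$cert_alias" -file "$cert" \
        -keystore "$store" -storepass "$storepass"
}

# Run the import only when called with JAVA_HOME, CERT_FILE and ALIAS.
if [ "$#" -eq 3 ]; then
    import_ldap_cert "$1" "$2" "$3"
fi
```

Run it against the Java installation that actually starts Jenkins, then restart Jenkins so the JVM loads the updated truststore.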
