Yeah, I know, old server. IDM 3.6.1 Patch C
Working fine for months, then today nobody could log in to it.

I stopped/restarted jboss and even rebooted the server, but this
error(s) shows up (technically the tomcat portion does start):

> 2013-08-14 09:35:20,012 INFO
> [org.hibernate.cfg.SettingsFactory:buildSettings] JPA-QL strict
> compliance: disabled
> 2013-08-14 09:35:20,012 INFO
> [org.hibernate.cfg.SettingsFactory:buildSettings] Second-level cache:
> disabled
> 2013-08-14 09:35:20,012 INFO
> [org.hibernate.cfg.SettingsFactory:buildSettings] Query cache: disabled
> 2013-08-14 09:35:20,012 INFO
> [org.hibernate.cfg.SettingsFactory:buildSettings] Optimize cache for
> minimal puts: disabled
> 2013-08-14 09:35:20,012 INFO
> [org.hibernate.cfg.SettingsFactory:buildSettings] Structured
> second-level cache entries: disabled
> 2013-08-14 09:35:20,024 INFO
> [org.hibernate.cfg.SettingsFactory:buildSettings] Statistics: disabled
> 2013-08-14 09:35:20,024 INFO
> [org.hibernate.cfg.SettingsFactory:buildSettings] Deleted entity
> synthetic identifier rollback: disabled
> 2013-08-14 09:35:20,024 INFO
> [org.hibernate.cfg.SettingsFactory:buildSettings] Default entity-mode:
> pojo
> 2013-08-14 09:35:20,024 INFO
> [org.hibernate.cfg.SettingsFactory:buildSettings] Named query checking :
> enabled
> 2013-08-14 09:35:20,052 INFO
> [org.hibernate.impl.SessionFactoryImpl:<init>] building session factory
> 2013-08-14 09:35:20,452 INFO
> [org.hibernate.impl.SessionFactoryObjectFactory:addInstance] Not binding
> factory to JNDI, no JNDI name configured
> 2013-08-14 09:35:20,824 FATAL
> [com.sssw.fw.directory.api.EboDirectoryFactory:<clinit>] An unexpected
> exception occurred in the directory layer.
> com.sssw.fw.exception.EboUnrecoverableSystemException: An unexpected
> exception occurred in the directory layer.
> at com.sssw.fw.directory.realm.impl.jndildap.EboLdapDirectoryConnection.createBaseContext(EboLdapDirectoryConnection.java:308)
> at com.sssw.fw.directory.realm.impl.jndildap.EboLdapDirectoryConnection.authenticate(EboLdapDirectoryConnection.java:166)
> at com.sssw.fw.directory.realm.impl.jndildap.EboLdapDirectoryConnectionManager.createConnectionArray(EboLdapDirectoryConnectionManager.java:327)
> at com.sssw.fw.directory.realm.impl.jndildap.EboLdapDirectoryConnectionManager.<init>(EboLdapDirectoryConnectionManager.java:103)
> at com.sssw.fw.directory.realm.impl.jndildap.EboJndiLdapDirectoryFactory.createConnectionMgrInstance(EboJndiLdapDirectoryFactory.java:114)
> at com.sssw.fw.directory.api.EboDirectoryFactory$ConnMgrHolder.<clinit>(EboDirectoryFactory.java:72)
> at com.sssw.fw.directory.api.EboDirectoryFactory.getConnMgr(EboDirectoryFactory.java:103)
> at com.sssw.fw.core.SystemConfig$1.run(SystemConfig.java:121)
>
>
> <SNIP>
>
>
> Caused by: javax.naming.CommunicationException: simple bind failed:
> server.abc.com:636 [Root exception is
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path validation failed:
> java.security.cert.CertPathValidatorException: timestamp check failed]
> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
> at javax.naming.InitialContext.init(InitialContext.java:223)
> at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
> at com.sssw.fw.directory.realm.impl.jndildap.EboLdapDirectoryConnection.createBaseContext(EboLdapDirectoryConnection.java:296)
> ... 149 more
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path validation failed:
> java.security.cert.CertPathValidatorException: timestamp check failed
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
> at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:618)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
> at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
> at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
> at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
> at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
> ... 160 more
> Caused by: sun.security.validator.ValidatorException: PKIX path
> validation failed: java.security.cert.CertPathValidatorException:
> timestamp check failed
> at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:187)
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:130)
> at sun.security.validator.Validator.validate(Validator.java:203)
> at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
> at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
> at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
> ... 172 more
>


I'm assuming it's the eDir SSL certs, but I've checked/validated and
they are valid until May 2014.
I've even restarted the eDir server, I stopped JBoss, I re-ran config
update and selected the root DN, and saved the config, yet it still
won't start up (same error).

???

I vaguely remember having to do something odd/funky before to get the
SSL certs into UA right, but can't remember.

There is the keystore file with the password, but I thought that was
just for the Root CA SSL cert (which has not expired)


--
kjhurni
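
The innermost cause in the trace above, `CertPathValidatorException: timestamp check failed`, is what the JDK's PKIX validator reports when a certificate in the path is outside its notBefore/notAfter window at validation time. As an added example (not part of the original post and not NetIQ code), this lists that window for every certificate in a keystore; the class name is hypothetical, and the fallback to the JRE's `cacerts` file with password `changeit` is an assumption so that it runs without arguments.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Added example (hypothetical class name): reports every certificate in a
// keystore that falls outside its validity period at the current time.
public class KeystoreValidityCheck {
    // Compares the given time against the certificate's notBefore/notAfter.
    static String status(X509Certificate cert, Date at) {
        try {
            cert.checkValidity(at);
            return "OK";
        } catch (CertificateExpiredException e) {
            return "EXPIRED";
        } catch (CertificateNotYetValidException e) {
            return "NOT YET VALID";
        }
    }
    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JRE's own trust store and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try { ks.load(in, pass); } finally { in.close(); }
        Date now = new Date(); // a wrong host clock fails the same comparison
        System.out.println("Checking " + path + " at " + now);
        int bad = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias); // key entries
            // Trusted-certificate entries have no chain, only a single certificate.
            if (chain == null) chain = new Certificate[] { ks.getCertificate(alias) };
            for (Certificate c : chain) {
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                String s = status(x, now);
                if (!s.equals("OK")) bad++;
                System.out.printf("%-13s %s | %s .. %s%n", s, alias, x.getNotBefore(), x.getNotAfter());
            }
        }
        System.exit(bad == 0 ? 0 : 1); // non-zero when any certificate is out of date
    }
}
```

Pass the keystore path and password as arguments to check a specific file. Certificates the LDAP server sends during the handshake are not stored in the keystore and are not covered by this check.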