On 4/8/2019 9:56 AM, jrmhscht wrote:
>
> I usually import the CA into the java cacerts and use the server DNS
> name to connect. It always worked with 3.x, but didn't work with
> 3.1.3.
>
> I regenerated the LDAP certificates to include the IP addresses in the
> Subject Alternate Names and it looks like it is working now.


The 1.8 JVM latest update now requires that the SAN or Subject name
macth the URL it is used against, so heads up on that one. Possibly the
issue here.