Error of LDAP connection when use SSL certificate

Archi · ‎01-17-2020

Hi guys!
We use SN v. Madrid on premise. I copied PROD instance for developer tasks. It was new DEV. Also we had old DEV.
On PROD we used LDAP with SSL certificate. On PROD and on old DEV instances all correct still working.

But on new DEV (which was a replica of PROD) we had error such this then we tested LDAP connection:
ldaps://XXX.YYY.ZZZ.3:636 java.security.cert.CertificateException: No subject alternative names matching IP address XXX.YYY.ZZZ.3 found

I found information about this error in internet.
«LDAP is asking Java Secure Socket Extension (JSSE) to validate the LDAP server's certificate to ensure it is compliant with hostname verification. With this change, if the server's certificate is not compliant, the exception will be thrown. In the past, LDAP did not request JSSE to perform hostname verification and a non-compliant server certificate would not have shown this error.»
https://www.ibm.com/support/pages/how-resolve-ldap-error-javaxnetsslsslhandshakeexception-javasecuritycertcertificateexception-no-subject-alternative-dns-name-matching-ip-address-found

But this certificate working on PROD and old DEV. Not working only on new DEV.
Somebody have any ideas?

Thanks!

Harsh Vardhan · ‎01-17-2020

kindly have a look on below link.

https://stackoverflow.com/questions/29157861/java-certificateexception-no-subject-alternative-names-...

Archi · ‎01-17-2020

Thanks Harshvardhan. I saw it. But why 2 of 3 instances doesnt have errors? This is same LDAP server in each instance. All of them have similar settings, i checked.

Harsh Vardhan · ‎01-17-2020

did you upgrade your instance ?

Archi · ‎01-17-2020

Versions of instances:

PROD glide-madrid-12-18-2018__patch5-06-26-2019 //LDAP worked

New DEV glide-madrid-12-18-2018__patch5-06-26-2019 //error of LDAP

Old DEV glide-madrid-12-18-2018__patch6-07-24-2019 //LDAP worked