I have been porting a working app over from WebSphere 7 to JBoss EAP 7. I have most of the thing working now after facing and overcoming many challenges. Now, as I promote this app up in our environment at my company from DEV to TEST, some of the things I'm connecting to are changing. The one thing that changed is the LDAP URL, for example, in my JNDI properties - in DEV it was:
But now in the TEST tier, it is:
I was getting an error during the JMS lookup of the QueueConnectionFactory like this: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Then I figured that was related to not having the certificate for the ldap server. So, I imported the certificate into the jre's cacerts keystore using the following command:
<JAVA_HOME>\jdk1.8.0_112\bin> keytool -import -trustcacerts -alias ldap_test -file <cert-path>/ldap.cert -keystore ..\jre\lib\security\cacerts
Then I reran my JMS scenario and now I'm getting a different error (normally a good thing): Caused by: javax.naming.ServiceUnavailableException: xxx-xxx-yyy.zzzz.aaa:636; socket closed; remaining name 'cn=MyQueueConnectionFactory,ou=xxx-yyy-zzz,ou=xxxxYYYY,ou=xxx,dc=xxx,dc=xxxx'
So, now I'm wondering if maybe I've done something wrong or missed something.
Again, this same configuration data is working in JBoss EAP 7 when pointed to a non-SSL ldap location. It is also working in WebSphere 7 with the same configuration data pointing to the SSL ldap location.
Has anyone done this?
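A diagnostic that is not part of the original post: this added example opens a TLS connection to the LDAPS endpoint using the JVM's default trust settings, so it shows which trust store that JVM actually reads and whether the handshake fails on certificate validation or on the connection itself. The class name `LdapsTrustCheck` and the command-line arguments are assumptions for illustration; the host and port are whatever the TEST JNDI URL points to.

```java
import java.io.File;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Run with the same JVM (and the same -Djavax.net.ssl.* options) that starts JBoss:
//   java LdapsTrustCheck <ldaps-host> 636
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java LdapsTrustCheck <host> <port>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        // Trust store resolution: an explicit system property wins; otherwise JSSE
        // uses lib/security/jssecacerts if it exists, else lib/security/cacerts.
        String home = System.getProperty("java.home");
        String override = System.getProperty("javax.net.ssl.trustStore");
        File jsse = new File(home, "lib/security/jssecacerts");
        File cacerts = new File(home, "lib/security/cacerts");
        String effective = override != null ? override
                : (jsse.exists() ? jsse.getPath() : cacerts.getPath());
        System.out.println("java.home            = " + home);
        System.out.println("effective trustStore = " + effective);

        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10_000);
            socket.startHandshake(); // certificate path validation happens here
            SSLSession session = socket.getSession();
            System.out.println("handshake OK: " + session.getProtocol()
                    + " / " + session.getCipherSuite());
            for (Certificate c : session.getPeerCertificates()) {
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + "  issuer=" + x.getIssuerX500Principal());
            }
        } catch (SSLException e) {
            // Certificate path, protocol version or cipher suite rejected.
            System.out.println("TLS failure: " + e);
        } catch (IOException e) {
            // Peer unreachable, or it closed the socket outside the TLS layer.
            System.out.println("connection failure: " + e);
        }
    }
}
```

If the handshake succeeds here but the lookup still fails inside JBoss, compare the `java.home` and trust store lines with those of the server process, since `keytool` only changed the one `cacerts` file it was pointed at.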