Univention Bugzilla – Bug 34294
Java keystore integration
Last modified: 2017-08-08 07:11:43 CEST
Created attachment 5819 [details] Program to test LDAP connection in Java The UCS SSL certificates are currently not imported into the default Java keystore, which prevents Java application (like Open-Xchange) to connect to SSL enabled services like ldaps://, https://, ...: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target fname="/etc/univention/ssl/ucsCA/CAcert.pem" alias="$(openssl x509 -noout -in "$fname" -subject -nameopt multiline,-esc_msb|sed -ne 's,^\s*commonName\s*=\s*,,;T;s,\s\+$,,g;s,\s\+,_,g;p')" storepass='changeit' ; [ -f /etc/default/cacerts ] && . /etc/default/cacerts keytool -importcert -noprompt -alias -file "$fname" -keystore /etc/ssl/certs/java/cacerts -storepass "$storepass" See /var/lib/dpkg/info/ca-certificates-java.postinst
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.
This issue has been filed against UCS 3.2. UCS 3.2 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.