SFTP Gateway Support

1.0.0

SFTP Gateway 2.0 Set Java Certificates

Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.

Overview

Sometimes an OS update (i.e. yum update) will clear out the LDAP SSL certificates stored in the JVM. You can use a command on the server set-java-certs to re-import this SSL certificate.

Error message

One error you may encounter on the web admin interface or CLI that contains the string SSLHandshakeException.

This is the full error:

simple bind failed:
localhost:636; nested exception is javax.naming.CommunicationException: 

simple bind failed: 
localhost:636 [
  Root exception is javax.net.ssl.SSLHandshakeException: 
  sun.security.validator.ValidatorException: 
  PKIX path building failed: 
  sun.security.provider.certpath.SunCertPathBuilderException: 
  unable to find valid certification path to requested target
]

This is error comes from our sftpgw-admin-api backend, which is Java based. By default, SFTP Gateway imports the LDAP SSL certificate into the JVM. This allows the JVM to communicate with LDAP, even though the certificate is self-signed.

After an OS update, these imported SSL certs can sometimes get cleared out. This results in the SSLHandshakeException error.

Re-importing the Java certs

To fix this issue, run the following command:

sudo /usr/local/bin/set-java-certs

This command extracts the LDAP SSL certificate and re-imports it into the JVM.

After running this command, you should no longer see this error.

SFTP Gateway 2.0 Update ProcessSFTP Gateway 2.0 Health Checks