Sometimes an OS update (i.e.
yum update) will clear out the LDAP SSL certificates stored in the JVM.
You can use a command on the server
set-java-certs to re-import this SSL certificate.
One error you may encounter on the web admin interface or CLI that contains the string
This is the full error:
simple bind failed: localhost:636; nested exception is javax.naming.CommunicationException: simple bind failed: localhost:636 [ Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ]
This is error comes from our
sftpgw-admin-api backend, which is Java based.
By default, SFTP Gateway imports the LDAP SSL certificate into the JVM.
This allows the JVM to communicate with LDAP, even though the certificate is self-signed.
After an OS update, these imported SSL certs can sometimes get cleared out.
This results in the
Re-importing the Java certs
To fix this issue, run the following command:
This command extracts the LDAP SSL certificate and re-imports it into the JVM.
After running this command, you should no longer see this error.