
DIP 11g 12c Unable to Connect to AD via SSL Port After Java Upgrade: "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching AD_HOST found" (Doc ID 2470320.1)

Last updated on AUGUST 30, 2023

Applies to:

Oracle Unified Directory - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

The following issue is described:

Issue: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException

While connecting from DIP to AD, the following error is returned:

ODIException: LDAP Connection Failure
  at oracle.ldap.odip.gsi.LDAPConnector.connectLdap(LDAPConnector.java:340)
  at oracle.ldap.odip.gsi.ActiveChgReader.initialise(ActiveChgReader.java:178)
  at oracle.ldap.odip.web.DIPSyncBean.readerInitialise(DIPSyncBean.java:509)
  at oracle.ldap.odip.web.DIPSyncBean.mapInitialise(DIPSyncBean.java:550)
  at oracle.ldap.odip.web.DIPSyncBean.execMapping(DIPSyncBean.java:458)
  at oracle.ldap.odip.web.DIPSyncBean.doOneIteration(DIPSyncBean.java:348)
  at oracle.ldap.odip.web.DIPSync_2r3ocw_EOImpl.__WL_invoke(Unknown Source)
  at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
  at oracle.ldap.odip.web.DIPSync_2r3ocw_EOImpl.doOneIteration(Unknown Source)
  at oracle.ldap.odip.web.SyncQuartzJobImpl.execute(SyncQuartzJobImpl.java:178)
  at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
  at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused By: javax.naming.CommunicationException: simple bind failed: <AD HOSTNAME.DOMAIN>:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching <AD HOSTNAME.DOMAIN> found.]



Changes

Java was upgraded to 1.7_201 (1.8_181 and higher are also affected).

Cause
