https://connect.hyland.com/t5/alfresco-forum/active-directory-over-ssl/m-p/62159#M21576 <HTML><HEAD></HEAD><BODY><P>Good day,</P><P></P><P>I'm in the middle of my first Alfresco installation and configuration and need some assistance configuring Alfresco to work with Active Directory over SSL.</P><P></P><P>Here's a summary of what I've done so far:</P><P>- Exported the certificate from my AD server</P><P>- Imported the cert into the default keystore: C:\alfresco-current\alf_data\keystore\ssl.keystore via the command:</P><P>keytool -importcert -alias&nbsp;myad.mydomain -file cert.crt -keystore C:\alfresco-current\alf_data\keystore\ssl.keystore -storetype JCEKS (was I supposed to import this cert into the default keystore?)</P><P></P><P>alfresco-global.properties</P><P>### LDAP Configuration ###<BR /> <BR />authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad<BR />ntlm.authentication.sso.enabled=false<BR />ldap.authentication.active=true<BR />ldap.authentication.allowGuestLogin=false<BR /># Disable guest logins<BR /><A class="jive-link-email-small" href="https://migration33.stage.lithium.com/" rel="nofollow noopener noreferrer">ldap.authentication.userNameFormat=%s@domain.com</A><BR />ldap.authentication.java.naming.provider.url=ldaps://myserver.mydomain:636<BR />ldap.authentication.defaultAdministratorUserNames=svc-alfresco<BR />ldap.synchronization.java.naming.security.principal=svc-alfresco<BR />ldap.synchronization.java.naming.security.credentials=&lt;redacted&gt;<BR />ldap.synchronization.groupSearchBase=OU=SecurityGroups,OU=Groups,OU=Accounts,DC=mydomain<BR />ldap.synchronization.userSearchBase=OU=Users<SPAN>,OU=Groups,OU=Accounts,DC=mydomain</SPAN></P><P></P><P><SPAN>Here's the error I'm seeing in the alfresco.log:<BR />2018-05-31 13:37:46,122 ERROR [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] Unable to connect to LDAP Server; check LDAP configuration<BR />javax.naming.CommunicationException: simple bind failed: myad.mydomain:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]<BR /> at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)<BR /> at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)<BR /> at com.sun.jndi.ldap.LdapCtx.&lt;init&gt;(Unknown Source)<BR /> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)<BR /> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)<BR /> at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)<BR /> at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)<BR /> at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)<BR /> at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)<BR /> at javax.naming.InitialContext.init(Unknown Source)<BR /> at javax.naming.InitialContext.&lt;init&gt;(Unknown Source)<BR /> at javax.naming.directory.InitialDirContext.&lt;init&gt;(Unknown Source)<BR /></SPAN></P><P></P><P><SPAN>I've been trying to piece all the documentation together to try to troubleshoot this issue, but I'm not getting very far and could use some help from some experienced users in where to go from here.</SPAN></P><P></P><P><SPAN>Any help would be appreciated.</SPAN></P></BODY></HTML> Thu, 31 May 2018 18:12:14 GMT mjt99 2018-05-31T18:12:14Z https://connect.hyland.com/t5/alfresco-forum/active-directory-over-ssl/m-p/62159#M21576 Good day,I'm in the middle of my first Alfresco installation and configuration and need some assistance configuring Alfresco to work with Active Directory over SSL.Here's a summary of what I've done so far:- Exported the certificate from my AD server- Imported the cert into the default keystore: C:\ Thu, 31 May 2018 18:12:14 GMT https://connect.hyland.com/t5/alfresco-forum/active-directory-over-ssl/m-p/62159#M21576 mjt99 2018-05-31T18:12:14Z https://connect.hyland.com/t5/alfresco-forum/active-directory-over-ssl/m-p/62160#M21577 <HTML><HEAD></HEAD><BODY><P>The ssl.keystore is only used for communication between Repository and SOLR. It is inconsequential for communication with LDAP / AD over SSL. In order to use LDAPS, the subsystem provides its own properties for configuring a specific keystore as the truststore. Look for the "ldap.authentication.truststore.xx" settings in the <A href="https://docs.alfresco.com/5.2/concepts/auth-ldap-props.html" rel="nofollow noopener noreferrer">documentation</A>. Of course you could re-use the ssl.truststore for this and add the certificate for the Active Directory server (or for the signing CA) in there.</P></BODY></HTML> Fri, 01 Jun 2018 09:39:04 GMT https://connect.hyland.com/t5/alfresco-forum/active-directory-over-ssl/m-p/62160#M21577 afaust 2018-06-01T09:39:04Z https://connect.hyland.com/t5/alfresco-forum/active-directory-over-ssl/m-p/62161#M21578 <HTML><HEAD></HEAD><BODY><P>Thanks Axel.&nbsp; I've got the Active Directory integration working now over SSL. I did a reinstall of Alfresco to restore the ssl.keystore to it's original state and imported the AD cert into a ldap.keystore file. After an issue with needing to use escape characters in the alfresco-global.properties file to point to the new keystore file everything started up properly with no errors in the log.&nbsp; I was then able to login using my AD account.</P><P></P><P>I'll now mark this question as solved.</P><P></P><P>Thanks again.</P></BODY></HTML> Fri, 01 Jun 2018 14:58:03 GMT https://connect.hyland.com/t5/alfresco-forum/active-directory-over-ssl/m-p/62161#M21578 mjt99 2018-06-01T14:58:03Z https://connect.hyland.com/t5/alfresco-forum/active-directory-over-ssl/m-p/62162#M21579 <P>sir can i see your config in alfresco.global.properties</P> Fri, 14 Jul 2023 16:34:12 GMT https://connect.hyland.com/t5/alfresco-forum/active-directory-over-ssl/m-p/62162#M21579 crisdev13 2023-07-14T16:34:12Z