LDAP SSL Error with a Synology

zibeug · October 10, 2019, 8:28am

Hi everyone,

I try to install the Xwiki project on my server with docker and connect a LDAP.

I use a Synology and Xwiki is configurate with 1 docker for postgres and 1 for xwiki. The tool is ready to use but I try to connect the LDAP width an update of the cfg file.

I have a problem with the SSL certificate of the LDAP of Synology. I found this tutorial : https://blog.samuel.domains/blog/tutorials/how-to-lean-an-xwiki-docker-container-against-active-directory-over-ldaps

But I have always the problem with the SSL certificate. If I remove the SSL of the LDAP server, everything is okay but It’s not recommanded.

Somebody can help me or was in the same situation ?

Thank and best regards.

Zibeug

Beat_Burgener · October 10, 2019, 9:12am

I’m not in the same situation, but usually this comes down to the following

purchase a certificate trusted by the installation in use
import the CA that issued the certificate on the Synology to your installation
disable certificate checks (not sure if this is supported)

HTH

zibeug · October 10, 2019, 9:20am

I have the error : LDAPException: Confidentiality Required (13) Confidentiality Required
LDAPException: Server Message: TLS confidentiality required

Beat_Burgener · October 10, 2019, 9:27am

there are two ports to use with ldap

ldaps (SSL) = 636
ldap TLS = 389

If you specify ldaps, you have to use 636, if ldap over TLS 389

Just as an idea …

zibeug · October 10, 2019, 9:31am

Yes I know but I don’t want to use the 389 but the 636 doesn’t work and I want to use this port.

I think the problem come from the Synology SSL certificate but I try to find them and to put them into the xwiki installation (link on my first message) but nothing happend

Beat_Burgener · October 10, 2019, 9:34am

This message indicates otherwise … it requires TLS, which usually is port 389. Looks like you use 389 without TLS which is enforced by the LDAP server on the Synology.

At least on first sight …

zibeug · October 10, 2019, 10:02am

If i use this extensions : http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/Authenticator/

I have this error : org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.

Beat_Burgener · October 10, 2019, 1:57pm

… this is not enough information to troubleshoot this. Bind failed might be caused by many things like CN/pwd incorrect or others …

zibeug · October 10, 2019, 2:04pm

Everything is okay with login and password. That’s come from the certificate because I use a SSL LDAP with the :636 port.

Beat_Burgener · October 10, 2019, 2:09pm

Please paste the entire trace without any confidential information like user/pwd/uri

zibeug · October 14, 2019, 1:10pm

Annotation%202019-10-14%20150840

Xwiki.cfg file

I try to make this change : https://blog.samuel.domains/blog/tutorials/how-to-lean-an-xwiki-docker-container-against-active-directory-over-ldaps

But nothing is working

zibeug · October 14, 2019, 1:18pm

org.xwiki.contrib.ldap.XWikiLDAPException: Error number 0 in 5: LDAP bind failed with LDAPException.
at org.xwiki.contrib.ldap.XWikiLDAPConnection.open(XWikiLDAPConnection.java:227)
at org.xwiki.contrib.ldap.script.LDAPScriptService.checkConnection(LDAPScriptService.java:91)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384)
at org.xwiki.velocity.introspection.MethodArgumentsUberspector$ConvertingVelMethod.invoke(MethodArgumentsUberspector.java:214)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)
at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:567)
at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:87)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:259)
at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222)
at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:358)
at org.xwiki.rendering.internal.macro.velocity.VelocityMacro.evaluateString(VelocityMacro.java:131)
at org.xwiki.rendering.internal.macro.velocity.VelocityMacro.evaluateString(VelocityMacro.java:52)
at org.xwiki.rendering.macro.script.AbstractScriptMacro.evaluateBlock(AbstractScriptMacro.java:286)
at org.xwiki.rendering.macro.script.AbstractScriptMacro.execute(AbstractScriptMacro.java:182)
at org.xwiki.rendering.macro.script.AbstractScriptMacro.execute(AbstractScriptMacro.java:58)
at org.xwiki.rendering.internal.transformation.macro.MacroTransformation.transform(MacroTransformation.java:297)
at org.xwiki.rendering.internal.transformation.DefaultRenderingContext.transformInContext(DefaultRenderingContext.java:183)
at org.xwiki.rendering.internal.transformation.DefaultTransformationManager.performTransformations(DefaultTransformationManager.java:101)
at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:263)
at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:133)
at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:58)
at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:96)
at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:39)
at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:123)
at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:52)
at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:68)
at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:42)
at com.xpn.xwiki.doc.XWikiDocument.display(XWikiDocument.java:1203)
at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1244)
at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1221)
at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1252)
at com.xpn.xwiki.api.Document.getRenderedContent(Document.java:736)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)
at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:567)
at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:106)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
at org.xwiki.velocity.introspection.TryCatchDirective.render(TryCatchDirective.java:87)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:259)
at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222)
at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:358)
at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:884)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:755)
at com.xpn.xwiki.internal.template.InternalTemplateManager.lambda$renderFromSkin$0(InternalTemplateManager.java:730)
at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:729)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:708)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:694)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78)
at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2320)
at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:2298)
at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:992)
at sun.reflect.GeneratedMethodAccessor199.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)
at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:216)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:311)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:230)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:259)
at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222)
at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:358)
at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:884)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:755)
at com.xpn.xwiki.internal.template.InternalTemplateManager.lambda$renderFromSkin$0(InternalTemplateManager.java:730)
at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:729)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:708)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:694)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78)
at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2320)
at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:2298)
at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:992)
at sun.reflect.GeneratedMethodAccessor199.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)
at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:216)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:311)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:230)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:259)
at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222)
at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:358)
at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:884)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:755)
at com.xpn.xwiki.internal.template.InternalTemplateManager.lambda$renderFromSkin$0(InternalTemplateManager.java:730)
at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:729)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:708)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:694)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78)
at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2320)
at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:2298)
at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:992)
at sun.reflect.GeneratedMethodAccessor199.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395)
at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384)
at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173)
at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)
at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369)
at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:216)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:311)
at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:230)
at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207)
at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:259)
at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222)
at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:358)
at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:884)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:755)
at com.xpn.xwiki.internal.template.InternalTemplateManager.lambda$renderFromSkin$0(InternalTemplateManager.java:730)
at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:98)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:729)
at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:708)
at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:694)
at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78)
at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2320)
at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:179)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:489)
at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:109)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:134)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: LDAPException: Connection lost waiting for results from ***************:636 (91) Connect Error
java.io.EOFException: BERDecoder: decode: EOF in Identifier
at com.novell.ldap.Connection$ReaderThread.run(Connection.java:1379)
… 1 more
Caused by: java.io.EOFException: BERDecoder: decode: EOF in Identifier
at com.novell.ldap.asn1.ASN1Identifier.(ASN1Identifier.java:132)
at com.novell.ldap.Connection$ReaderThread.run(Connection.java:1269)
… 1 more

Beat_Burgener · October 14, 2019, 9:24pm

OK, thank you.

Either the Synology is not listening on the SSL port or returns something strange …

Please try:

openssl s_client -host synology.domain.com -port 636 -prexit -showcerts

openssl s_client -connect synology.domain.com:389 -starttls ldap -prexit -showcerts

zibeug · October 15, 2019, 6:27am

If I use the first command I have 3 certificate : the first is domain.synology.me the second is delivred by let’s encrypt and the last is Digital Signature Trust Co.

Do you think I need to load all certificate in the keystore ?

Thanks for your help

Beat_Burgener · October 16, 2019, 8:54am

Yes, you can try this (root and intermediate certificate)
You are missing the details about the root and intermediate certificate. I assume it is the X3?

zibeug · October 16, 2019, 10:07am

I found maybe the problem.

If i try to start tomcat server I have this error with setenv.sh

catalina.sh: 37: /usr/local/tomcat/bin/setenv.sh: [[: not found

SECURERANDOM="-Djava.security.egd=file:/dev/./urandom"

if [[ ! -z “$JAVA_OPTS” ]]; then - :37
if [[ ! $JAVA_OPTS =~ .-Xmx[0-9]+. ]]; then
JAVA_OPTS="$JAVA_OPTS $XMX"
fi
if [[ ! $JAVA_OPTS =~ .ALLOW_ENCODED_SLASH. ]]; then
JAVA_OPTS="$JAVA_OPTS $ALLOW_ENCODED_SLASH"
fi
if [[ ! $JAVA_OPTS =~ .ALLOW_BACKSLASH. ]]; then
JAVA_OPTS="$JAVA_OPTS $ALLOW_BACKSLASH"
fi
if [[ ! $JAVA_OPTS =~ .java.security.egd. ]]; then
JAVA_OPTS="$JAVA_OPTS $SECURERANDOM"
fi
else
JAVA_OPTS="$XMX $ALLOW_ENCODED_SLASH $ALLOW_BACKSLASH $SECURERANDOM"
fi

JAVA_OPTS="$JAVA_OPTS-Djavax.net.ssl.trustStore=/usr/local/tomcat/jsscecacerts"

export JAVA_OPTS

Beat_Burgener · October 17, 2019, 7:34am

Don’t know about that one. Still, please try BOTH of the commands above and let me know the details about the certificate (full issuer name)

Some information about the certificates in use by Let’s Ecrypt: