You are currently reviewing an older revision of this page.
After updating Java to 1.8_181, the LDAP sync process fails with a javax.net.ssl.SSLHandshakeException such as the one below:
javax.net.ssl.SSLHandshakeException
ERROR com.appiancorp.process.engine.UnattendedJavaActivityRequest - An error occurred while executing activity: id=<ID>, classname=com.appiancorp.ps.plugins.directory.syncwithusernames.ADUserSynchronizationV1 05:00:03,234 INFO [stdout] (Appian Work Item - 85150 - ProcessExec01 : UnattendedJavaActivityRequest) java.lang.RuntimeException: javax.naming.CommunicationException: <IP_ADDRESS>:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address found]
In Java 1.8_181 Oracle has enabled stricter endpoint verification for LDAPS connections by default.
The endpoint verification can be disabled by performing the following steps:
For JBoss:
<REPO_HOME>/bin/jboss/jboss-eap-6.4/bin
CUSTOM_JAVA_OPTS=-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
For Weblogic: