After updating Java to 1.8_181, the LDAP sync process fails with a javax.net.ssl.SSLHandshakeException such as the one below:
javax.net.ssl.SSLHandshakeException
ERROR com.appiancorp.process.engine.UnattendedJavaActivityRequest - An error occurred while executing activity: id=<ID>, classname=com.appiancorp.ps.plugins.directory.syncwithusernames.ADUserSynchronizationV1
05:00:03,234 INFO [stdout] (Appian Work Item - 85150 - ProcessExec01 : UnattendedJavaActivityRequest) java.lang.RuntimeException: javax.naming.CommunicationException: <IP_ADDRESS>:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address found]
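In Java 1.8_181, Oracle enabled stricter endpoint verification for LDAPS connections by default. As the error message indicates, the LDAP server's certificate must now contain a subject alternative name that matches the address used for the connection (here, an IP address).
Endpoint verification can be disabled by performing the following steps. The setting is a JVM-wide system property, so it turns off the check for every LDAPS connection the application server makes: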
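To see which address the certificate would accept before changing any JVM option, the following added example (not Appian or Oracle code) approximates the name check in Python using subject alternative names only. `SAMPLE_CERT`, its host names and the helper names are constructed for illustration, and `fetch_cert` assumes the issuing CA is in the system trust store.

```python
import ipaddress
import socket
import ssl

def san_entries(cert):
    """Split getpeercert()'s subjectAltName tuple into DNS names and IP addresses."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    return dns, ips

def dns_matches(pattern, host):
    """Exact match, or a single leftmost '*' label as in '*.example.com'."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def endpoint_matches(cert, target):
    """Return (ok, reason) for the host or IP used in the ldaps:// URL."""
    dns, ips = san_entries(cert)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    if addr is not None:
        # An IP target is compared only with iPAddress SANs, never with DNS names.
        if addr in ips:
            return True, "IP address SAN matches"
        return False, "no subject alternative name matching IP address " + target
    if any(dns_matches(p, target.lower()) for p in dns):
        return True, "DNS SAN matches"
    return False, "no subject alternative name matching DNS name " + target

def fetch_cert(host, port=636, timeout=5):
    """Fetch the server certificate for inspection: chain is validated, name is not."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # diagnosis only; verify_mode stays CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()

# Constructed sample in getpeercert() format: a certificate with DNS SANs only.
SAMPLE_CERT = {"subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "*.ldap.example"))}
```

Running `endpoint_matches(fetch_cert("<IP_ADDRESS>"), "<IP_ADDRESS>")` against the directory server shows whether the sync would pass if it connected by a DNS name listed in the certificate, or whether the certificate needs an IP address SAN.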
1. Navigate to <REPO_HOME>/bin/jboss/jboss-eap-6.4/bin.
2. Add the following line to standalone.custom.sh|bat:
CUSTOM_JAVA_OPTS=-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
3. Using the Configure Script, deploy the changes to JBoss.
4. Restart JBoss.
<WEBLOGIC_HOME>/<project_name>/domains/<domain_name>/bin
JAVA_OPTIONS
-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
$DOMAIN_HOME/bin/setDomainEnv.sh|.bat