After updating Java to 1.8_181, the LDAP sync process fails with a javax.net.ssl.SSLHandshakeException such as the one below:
ERROR com.appiancorp.process.engine.UnattendedJavaActivityRequest - An error occurred while executing activity: id=<ID>, classname=com.appiancorp.ps.plugins.directory.syncwithusernames.ADUserSynchronizationV1
05:00:03,234 INFO [stdout] (Appian Work Item - 85150 - ProcessExec01 : UnattendedJavaActivityRequest) java.lang.RuntimeException: javax.naming.CommunicationException: <IP_ADDRESS>:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address found]
In Java 1.8_181 Oracle has enabled stricter endpoint verification for LDAPS connections by default, and the LDAP sync process is calling the LDAP server by an IP or hostname that is not present in the LDAP server certificate's subject or SAN field.
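The name check that now fails can be reproduced offline to see which address the sync would have to use. The following Python is an added example, not Appian's or the JDK's code; it models the usual certificate name-matching rules, takes SAN entries in the shape returned by Python's ssl getpeercert(), and uses constructed host names and IP addresses.

```python
import ipaddress

# Constructed sample: SAN entries in the shape returned by Python's
# ssl.SSLSocket.getpeercert()["subjectAltName"]; the names are made up.
SAMPLE_SAN = (("DNS", "ldap01.corp.example"), ("DNS", "*.dir.corp.example"))


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # Simplification: only a whole left-most "*" label is a wildcard,
    # and it covers exactly one label.
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def endpoint_matches(target, san, common_name=None):
    """Return (ok, reason) for the address the LDAP client connects to."""
    if _is_ip(target):
        want = ipaddress.ip_address(target)
        ips = [v for k, v in san if k == "IP Address"]
        if any(ipaddress.ip_address(v) == want for v in ips):
            return True, "matched iPAddress SAN"
        # An IP target is compared only with iPAddress SAN entries.
        return False, "no iPAddress SAN matches; DNS names and CN are not used"
    names = [v for k, v in san if k == "DNS"]
    if names:
        ok = any(_dns_match(n, target) for n in names)
        return ok, "matched dNSName SAN" if ok else "no dNSName SAN matches"
    # Assumption: the subject CN is consulted only when no dNSName SAN exists.
    ok = common_name is not None and _dns_match(common_name, target)
    return ok, "matched subject CN" if ok else "no certificate name matches"
```

With SAMPLE_SAN, a connection by IP address fails the check while a connection to ldap01.corp.example passes, which is the situation the error message above reports.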
The endpoint verification can be disabled by performing the following steps. With it disabled, the JVM no longer checks that the LDAP server's certificate names the address the sync connects to.
For JBoss:
1. Navigate to <REPO_HOME>/bin/jboss/jboss-eap-6.4/bin.
2. Add the following line to standalone.custom.sh|bat:
CUSTOM_JAVA_OPTS=-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
3. Using the Configure Script, deploy the changes to JBoss.
4. Restart JBoss.
For WebLogic:
1. Navigate to <WEBLOGIC_HOME>/<project_name>/domains/<domain_name>/bin.
2. Add the following line to the JAVA_OPTIONS in setDomainEnv.sh|.bat:
-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
3. Run $DOMAIN_HOME/bin/setDomainEnv.sh|.bat.
4. Restart the WebLogic server.
Note: Cloud customers should open a Support Case on Community to request that this property be added to their site.
Either:
This article applies to all versions of Appian.
Last Reviewed: August 2018