DRAFT KB-XXXX LDAPS CA signed cert error


LDAPS is configured in the environment, and the application server log displays the following error:

ERROR - [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090256, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v3839]; nested exception is javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090256, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v3839

This error suggests that the connection is being downgraded because of an invalid or missing certificate, which results in a lack of trust on the server's part. However, the following conditions are true:

  • A valid, Certificate Authority (CA) signed certificate is present in the default JDK trust store.


For Appian 18.3 and later, the Appian installer includes OpenJDK. When the above symptoms are present, this suggests that the required valid, CA-signed certificate is missing from the OpenJDK truststore.


Import the valid, CA-signed certificate into the OpenJDK truststore using one of the following commands (the first uses Linux path syntax, the second Windows):


<APPIAN_HOME>/java/bin/keytool -import -trustcacerts -file #PATH TO FILE# -alias <ALIASNAME> -keystore <APPIAN_HOME>/java/jre/lib/security/cacerts


"<APPIAN_HOME>\java\bin\keytool" -import -trustcacerts -file #PATH TO FILE# -alias <ALIASNAME> -keystore "<APPIAN_HOME>\java\jre\lib\security\cacerts"
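
To confirm that the import took effect, the following added example (not part of the original article and not Appian tooling) loads the truststore and reports whether the CA certificate is present and within its validity period. The class name TruststoreCheck, the TRUSTSTORE_PASS environment variable, and the argument order are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example (hypothetical class name), not Appian tooling.
// Usage: java TruststoreCheck <path-to-cacerts> <path-to-CA-cert-file>
public class TruststoreCheck {

    // Parses a PEM- or DER-encoded X.509 certificate from disk.
    static X509Certificate readCertificate(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Returns the alias that holds this exact certificate, or null if the store lacks it.
    static String findAlias(String storePath, char[] password, X509Certificate ca) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(storePath)) {
            store.load(in, password); // a null password skips the store integrity check
        }
        return store.getCertificateAlias(ca);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: TruststoreCheck <truststore> <ca-certificate>");
            System.exit(2);
        }
        // TRUSTSTORE_PASS is an assumed variable name; unset means load without a password.
        String pass = System.getenv("TRUSTSTORE_PASS");
        X509Certificate ca = readCertificate(args[1]);
        String alias = findAlias(args[0], pass == null ? null : pass.toCharArray(), ca);
        if (alias == null) {
            System.out.println("MISSING: " + ca.getSubjectX500Principal().getName());
            System.exit(1);
        }
        try {
            ca.checkValidity(); // throws if expired or not yet valid
        } catch (CertificateException e) {
            System.out.println("PRESENT as '" + alias + "' but not valid now: " + e.getMessage());
            System.exit(1);
        }
        System.out.println("OK: trusted as '" + alias + "', expires " + ca.getNotAfter());
    }
}
```

Compile and run it with the JDK under <APPIAN_HOME>/java so the check uses the same runtime and truststore format as the application server.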

Affected Versions

This article applies to Appian versions 18.3 and later.

Last Reviewed: May 2019