Scenario: Intermediate Certificate Authority (CA) certificates need to be imported into DLP for connecting to Active Directory.
WARNING [com.vontu.manager.admin.directoryconnection.DirectoryConnectionManager] Test Directory Connection Failed:
Root exception is javax.net.ssl.SSLHandshakeException:
PKIX path building failed:
unable to find valid certification path to requested target
The certificate chain was imported into the Tomcat .keystore instead of the Java cacerts keystore.
Certificates used for Active Directory Connections are added to the CACERTS keystore located in \SymantecDLP\jre\lib\security on Enforce.
Below is a summary of the steps to resolve the issue. For more information, refer to "Importing SSL Certificates to Enforce or Discover Servers" in the Symantec DLP Admin Guide.
Copy the certificate file you want to import to the Enforce Server.
Change directory to c:\SymantecDLP\jre\bin on the Enforce Server.
Execute the keytool utility with the -importcert option to import the public key certificate to the Enforce Server or Discover Server keystore. Example: keytool -importcert -alias new_endpointgroup_alias -keystore ..\lib\security\cacerts -file my-domaincontroller.crt
When you are prompted, enter the password for the keystore.
Answer Yes when you are asked if you trust this certificate.
Restart the Enforce Server.
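The steps above, applied to every certificate in the chain and followed by a check that each alias landed in cacerts, as an added example that is not part of the Symantec guide. The certificate file paths and alias names are hypothetical; the install path is the one used in the steps above.

```powershell
# Added example, not Symantec's own script. Run on the Enforce Server in an
# elevated PowerShell console. keytool prompts for the keystore password and
# for the trust confirmation, exactly as in the manual steps.
$Keytool = 'C:\SymantecDLP\jre\bin\keytool.exe'
$Cacerts = 'C:\SymantecDLP\jre\lib\security\cacerts'

# Hypothetical chain files copied to the Enforce Server (alias -> file).
# Import the root first, then each intermediate CA.
$Chain = [ordered]@{
    'ad-root-ca'         = 'C:\certs\root-ca.crt'
    'ad-intermediate-ca' = 'C:\certs\intermediate-ca.crt'
}

# Keep a timestamped backup so a bad import can be rolled back.
$Stamp = Get-Date -Format 'yyyyMMddHHmmss'
Copy-Item -Path $Cacerts -Destination "$Cacerts.$Stamp.bak"

foreach ($alias in $Chain.Keys) {
    $file = $Chain[$alias]
    if (-not (Test-Path $file)) { throw "Certificate file not found: $file" }

    # keytool prints the subject, issuer and fingerprints before asking
    # whether to trust the certificate. Compare the fingerprint with the
    # value obtained from the CA owner before answering Yes.
    & $Keytool -importcert -alias $alias -keystore $Cacerts -file $file
    if ($LASTEXITCODE -ne 0) { throw "keytool import failed for alias '$alias'" }
}

# Confirm every alias is present in cacerts, the keystore that the
# directory connection uses (not the Tomcat .keystore).
$missing = @()
foreach ($alias in $Chain.Keys) {
    & $Keytool -list -alias $alias -keystore $Cacerts
    if ($LASTEXITCODE -ne 0) { $missing += $alias }
}

if ($missing.Count -gt 0) {
    Write-Warning ("Not found in cacerts: " + ($missing -join ', '))
} else {
    Write-Output 'All chain certificates are in cacerts. Restart the Enforce Server.'
}
```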