Shinyproxy ldaps with self-signed certificate

Edi_Sz · January 11, 2018, 2:20pm

Is there a way to use shinyproxy with a self-signed certificate for ldaps? Or to disable certificate-check with ldaps?

I am seeing:

2018-01-10 13:14:00.279 ERROR 24 --- [XNIO-2 task-1] w.a.UsernamePasswordAuthenticationFilter :
An internal error occurred while trying to authenticate the user.
org.springframework.security.authentication.InternalAuthenticationServiceException: simple bind failed: 
xxx.net:636; nested exception is javax.naming.CommunicationException: simple bind failed: 
xxx.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

fmichielssen · January 16, 2018, 7:43am

Hi @Edi_Sz,

To have ShinyProxy trust the self-signed certificate, it should be added into the trust store.
There are two ways to do this:

Add it into the default trust store of the JRE running ShinyProxy. This is usually JRE_HOME/lib/security/cacerts. See https://docs.oracle.com/javase/tutorial/security/toolfilex/rstep1.html for more info.
Add it into a custom trust store and use that when launching ShinyProxy (using args -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword)