Enabling TLS in SailPoint

Which IIQ version are you inquiring about?

Version 8.4

Share all details related to your problem, including any error messages you may have received.

I am trying to enable TLS for our Active Directory application. I have a successful connection when TLS is not enabled, but I get the below error when it is enabled:

Test Connection
[ InvalidConfigurationException ] [ Possible suggestions ] Ensure that SSL communication is in place with domain. [ Error details ] Failed to connect to - dc=qual,dc=com : Failed to connect to server:ldap://qual.com:636 - javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have followed the steps in the below documentation and I cannot get a successful connection. Does anyone have an idea?

Securing Communication Path Between IdentityIQ and Active Directory Domain Controller/ Target System.

This error usually appears when IIQ is not able to validate the certificate of the remote system.

Usually it is caused by a missing trusted CA certificate of the CA which issued the certificate for LDAP.

You have to configure the truststore and add the cert there. Follow this manual

With the difference that you have to use the LDAP cert issuer's CA cert instead of IQService's, but the procedure is the same.
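
The diagnosis in the reply above, reproduced offline as an added example (not part of the original thread or of SailPoint's documentation): a constructed lab CA issues a stand-in domain controller certificate, validation fails against a trust bundle that lacks that CA and succeeds once the CA is present, and `import_ca` shows the matching `keytool` import. All names, subjects, the `changeit` password and the truststore file are constructed; which truststore the IdentityIQ JVM actually reads is deployment-specific.

```shell
#!/bin/sh
# Added example: every name, subject and password here is a constructed lab value.
# Create a self-signed CA (key + certificate) named $2 in directory $1.
make_ca() {
  cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed $2
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/$2.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}
# Issue a certificate for a stand-in domain controller, signed by CA $2.
issue_dc_cert() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
    -subj "/CN=dc.lab.example" -keyout "$1/dc.key" -out "$1/dc.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/dc.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 2 -out "$1/dc.pem" 2>/dev/null
}
# Succeeds only when certificate $2 chains to a trust anchor in bundle $1.
chain_trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
# Import issuing CA certificate $1 into Java truststore $2 (the fix the reply describes).
import_ca() {
  keytool -importcert -noprompt -trustcacerts -alias ad-issuing-ca \
    -file "$1" -keystore "$2" -storetype PKCS12 -storepass changeit >/dev/null 2>&1
}
lab_demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d" issuing-ca && make_ca "$d" unrelated-ca &&
    issue_dc_cert "$d" issuing-ca || return 1
  chain_trusted "$d/unrelated-ca.pem" "$d/dc.pem" && echo "unexpected: chain trusted" \
    || echo "issuer not in trust bundle: validation fails (Java: PKIX path building failed)"
  chain_trusted "$d/issuing-ca.pem" "$d/dc.pem" && echo "issuer in trust bundle: validation succeeds"
  if command -v keytool >/dev/null 2>&1; then
    import_ca "$d/issuing-ca.pem" "$d/truststore.p12" && echo "CA imported into $d/truststore.p12"
  fi
}
lab_demo
```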
