Some customers have reported this error when connecting their ServiceNow instances to an LDAPS server:

ldaps://ldaps.example.com:636 sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

All supported ServiceNow releases

This error message appears where the customer's LDAPS server uses certificates issued from an internal/self-signed/non-public Certificate Authority (CA), and those certificates have not been uploaded to the instance's X.509 Certificates table.

• the root CA certificate
• any intermediate CA certificates
• the 'leaf' certificates, the one at the opposite end of the subject/issuer chain from the root CA. In other words the certificate that appears at the top of the ouput of openssl s_client -showcerts -connect output. 

Note: The LDAPS server admin should be able to provide you with all this information. If not, the required certificates should be visible in the output of openssl s_client -showcerts -connect ldaps-server.customerdomain.com:636

Alternative Workaround

If for some reason the steps in the Recommended Solution don't work you can get past this error by disabling certificate verification by setting System Property com.glide.communications.trustmanager_trust_all to true. 

WARNING: This can have significant security implications and is a global setting for the whole instance (not just LDAP). It should only be used temporarily for testing (on sub-prod instances) and should not be used in production.