Some customers have reported this error when connecting their ServiceNow instances to an LDAPS server:
ldaps://ldaps.example.com:636 sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Release or Environment
All supported ServiceNow releases
This error message appears where the customer's LDAPS server uses certificates issued from an internal/self-signed/non-public Certificate Authority (CA), and those certificates have not been uploaded to the instance's X.509 Certificates table.
- the root CA certificate
- any intermediate CA certificates
- the 'leaf' certificate, the one at the opposite end of the subject/issuer chain from the root CA. In other words, the certificate that appears at the top of the output of openssl s_client -showcerts -connect.
Note: The LDAPS server admin should be able to provide you with all this information. If not, the required certificates should be visible in the output of openssl s_client -showcerts -connect ldaps-server.customerdomain.com:636
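As an added example (not ServiceNow code), the following Python script parses saved output of the openssl s_client -showcerts command above, labels each certificate as leaf, intermediate or root by subject/issuer name, and lists any issuer whose certificate the server did not send, since a TLS server may omit its root CA from the handshake. The sample output, host name and CA names are constructed, and the function names parse_chain and classify are hypothetical.

```python
import re
# Constructed `openssl s_client -showcerts` output; PEM bodies are placeholders.
SAMPLE = """Certificate chain
 0 s:CN = ldaps.example.com
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATE
-----END CERTIFICATE-----
Server certificate
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF
-----END CERTIFICATE-----
"""

def parse_chain(text):
    """Certificates from the 'Certificate chain' section, in the order sent."""
    certs, cur, pem = [], None, None
    for line in text.splitlines():
        head = re.match(r"\s*(\d+) s:(.*)", line)
        if pem is not None:  # inside a PEM block
            pem.append(line)
            if line.startswith("-----END CERTIFICATE-----"):
                certs.append({**cur, "pem": "\n".join(pem) + "\n"})
                cur, pem = None, None
        elif head:  # "<depth> s:<subject>" opens an entry
            cur = {"depth": int(head.group(1)), "subject": head.group(2).strip(), "issuer": ""}
        elif cur and re.match(r"\s+i:", line):
            cur["issuer"] = line.split("i:", 1)[1].strip()
        elif cur and line.startswith("-----BEGIN CERTIFICATE-----"):
            pem = [line]  # the repeated leaf PEM further down has no entry and is skipped
    return certs

def classify(certs):
    """Label roles by subject/issuer name: a heuristic, not signature validation."""
    for c in certs:
        if c["subject"] == c["issuer"]:
            c["role"] = "root" if c["depth"] else "self-signed leaf"
        else:
            c["role"] = "intermediate" if c["depth"] else "leaf"
    # Issuers the server did not send: get these CA certificates from the LDAPS admin.
    return certs, sorted({c["issuer"] for c in certs} - {c["subject"] for c in certs})

if __name__ == "__main__":
    print(classify(parse_chain(SAMPLE))[1])
```

With real output, each entry's pem value is one certificate that can be saved to its own file for upload to the X.509 Certificates table.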
If for some reason the steps in the Recommended Solution don't work, you can get past this error by disabling certificate verification: set the System Property com.glide.communications.trustmanager_trust_all to true.
WARNING: This can have significant security implications and is a global setting for the whole instance (not just LDAP). It should only be used temporarily for testing (on sub-prod instances) and should not be used in production.