[ome-users] server certificate change is restrictedduring renegotiation]

[Josh Moore]

On Fri, May 29, 2015 at 12:29 PM, Aleksandra Tarkowska (Staff)
<A.Tarkowska at dundee.ac.uk> wrote:
> Hi Bernie
>
> Is ad.susx.ac.uk SSL cert self signed? Did you import to Java keystone and
> then add
>
> bin/omero config set omero.security.keyStore "/etc/pki/java/cacerts"
> bin/omero config set omero.security.trustStore "/etc/pki/java/cacerts"


in addition, a few more questions based on the similarity to
http://stackoverflow.com/a/27359749, pointed out by Simon:

 * was there a change in Java version involved in your upgrade? Even
if not, what version are you on?

 * what does your LDAP configuration look like currently? (minus
passwords) I assume there was no change during the upgrade?

 * had you made any configuration changes to etc/grid in the 5.0
server directory?


~Josh.


> Kind regards
> Ola

> On 29/05/2015 11:18, "Bernie Broughton" <b.broughton at sussex.ac.uk> wrote:
>
>>Hi,
>>
>>We've upgraded from 5.0.5 to 5.1.1 3 days ago successfully but are now
>>finding users can't authenticate using LDAP. Restarting the server fixes
>>the problem for initially but the problem returns with a very short
>>period (a minute or so).
>>
>>Checking the Blitz log I can see the error:
>>
>>org.springframework.ldap.CommunicationException: simple bind failed:
>>ad.susx.ac.uk:636; nested exception is
>>javax.naming.CommunicationException: simple bind failed:
>>ad.susx.ac.uk:636 [Root exception is javax.net.ssl.SSLHandshakeException:
>>server certificate change is restrictedduring renegotiation]
>>
>>Can anyone help with this please,
>>
>>Bernie Broughton
>>Research IT Support and Service Development Specialist (ITS Client
>>Services)
>>IT Manager (Genome Damage and Stability Centre)