GroupWise LDAP sync using SSL fails without obvious errors

  • 7023394
  • 28-Sep-2018
  • 28-Sep-2018


GroupWise 18


GroupWise is configured with an LDAP connection using SSL.  The LDAP sync fails with no obvious error message in the MTA log.  In the LDAP Directory configuration screen, clicking on Test Connection fails with a generic error message.  The SSL certificate is not expired. 


Ensure a valid certificate with a proper host name in the Subject Alternative Names field is being used.


Due to recent changes in Java if the address provided to connect to an LDAP server does not match the CN of the LDAP server certificate, or Subject Alternative Names, the handshake will fail by default.

Additional Information

With the log level of the gwadminservice set to debug, the following error message will be observed in the gwadmin-console.log file:

2018-09-26 14:03:12 LdapServer [DEBUG] Creating LDAP connection at ldaps://
2018-09-26 14:03:12 LdapServer [FATAL] Error building connection to ldap server 'ROOT'

and further down after the Java error information:

Caused by: No subject alternative names matching IP address found