So we have Nexus 3 Repository and we are using LDAPS (not LDAP) for connecting to our Active Directory server.
If we use LDAP (389) we have no issues. However, when we set this to LDAPS (and change it to port 636), it works fine for 5 minutes or so, then this error occurs; after a minute it works again for another 5 minutes or so:
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching dns_url_server found.
We have the timeout set as -Dcom.sun.jndi.ldap.connect.pool.timeout=180000
Full stack trace (some data in the log anonymised for security reasons):
dns_url_server - replaces the valid DNS name of the server
dc=domain_start,dc=domain_end - replaces the valid domain string
valid_ldap_user - replaces a valid LDAP username
specific_user - replaces a valid LDAP username
2019-07-30 14:56:03,402+0100 WARN [qtp1783462355-4605] *UNKNOWN org.sonatype.nexus.ldap.internal.connector.FailoverLdapConnector - Problem connecting to LDAP server: Caused by: javax.naming.CommunicationException: dns_url_server:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching dns_url_server found.] Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching dns_url_server found. Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching dns_url_server found.
org.sonatype.nexus.ldap.internal.connector.dao.LdapDAOException: Failed to retrieve ldap information for user.
at org.sonatype.nexus.ldap.internal.connector.DefaultLdapConnector.getUser(DefaultLdapConnector.java:143)
...
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.naming.CommunicationException: dns_url_server:636
at com.sun.jndi.ldap.Connection.<init>(Connection.java:238)
...
at org.sonatype.nexus.ldap.internal.connector.DefaultLdapConnector.getUser(DefaultLdapConnector.java:129)
... 80 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching dns_url_server found.
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
...
at com.sun.jndi.ldap.Connection.<init>(Connection.java:215)
... 99 common frames omitted
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching dns_url_server found.
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:214)
...
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621)
... 108 common frames omitted
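A diagnostic added here as an example, not part of the question and not code from Sonatype or Nexus. The message "No subject alternative DNS name matching ... found" is what Java's HostnameChecker raises when the presented certificate does carry dNSName entries in its subjectAltName, but none of them matches the name the client connected with (if the certificate had no SAN at all, Java would fall back to the CN and report "No name matching ... found" instead). Since LDAP on 389 has no handshake, it never notices. One thing worth checking with an intermittent failure like this is whether the LDAPS name resolves to more than one domain controller, because each address presents its own certificate and one of them may lack the name; the script below resolves the name, pulls the leaf certificate from every address individually, and reports which ones would fail the same check. That is a hypothesis to test, not a diagnosis. The hostnames, addresses and SAN contents in SAMPLE_CERTS are constructed for the offline demo; fetch_certs() needs network access to the DCs and a cafile for the AD CA if it is not in the system trust store. The wildcard matching is a simplification (leading "*." only). One caveat: the JVM property com.sun.jndi.ldap.object.disableEndpointIdentification=true switches this hostname check off for JNDI LDAPS connections, but that weakens TLS to encryption without server authentication; reissuing the DC certificates with the connecting name in the SAN is the proper fix.

```python
"""Per-address SAN check for an LDAPS name, mirroring what Java's
HostnameChecker does during the handshake. The offline functions work on
cert dicts in the layout ssl.getpeercert() returns; fetch_certs() needs
network access to the domain controllers."""
import socket
import ssl

# Constructed sample (hypothetical names/addresses, not from the post): two DCs
# behind one round-robin name, only one of which carries the service name.
SAMPLE_CERTS = {
    "10.0.0.11": {"subjectAltName": (("DNS", "dc01.corp.example"),
                                     ("DNS", "ldap.corp.example"))},
    "10.0.0.12": {"subjectAltName": (("DNS", "dc02.corp.example"),)},
}


def san_dns_names(cert):
    """dNSName entries of subjectAltName, the only names Java matches when present."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def dns_name_matches(pattern, hostname):
    """Case-insensitive match. A '*' is accepted only as the whole leftmost label,
    matches exactly one label, and must leave at least two labels ('*.com' never
    matches), which is how Java treats wildcards. Simplification: partial
    wildcards such as 'dc*.corp.example' are not supported here."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_covered(cert, hostname):
    """True if the name the client connects with would pass the SAN check."""
    return any(dns_name_matches(name, hostname) for name in san_dns_names(cert))


def uncovered_addresses(certs_by_addr, hostname):
    """Addresses whose certificate lacks the connecting name; each one would
    reproduce the handshake error in the post whenever the client lands on it."""
    return sorted(addr for addr, cert in certs_by_addr.items()
                  if not isinstance(cert, str) and not hostname_covered(cert, hostname))


def fetch_certs(hostname, port=636, cafile=None, timeout=5.0):
    """Resolve hostname and pull the leaf certificate from every address.
    The chain is verified against cafile (or the system store) so that
    getpeercert() returns a parsed dict; the name check is left to us.
    Addresses that fail to connect or verify map to the error text."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # reported per address by hostname_covered()
    ctx.verify_mode = ssl.CERT_REQUIRED
    addrs = {info[4][0] for info in
             socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM)}
    results = {}
    for addr in sorted(addrs):
        try:
            with socket.create_connection((addr, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                    results[addr] = tls.getpeercert()
        except (OSError, ssl.SSLError) as exc:
            results[addr] = str(exc)
    return results


def report(hostname, certs_by_addr):
    """One line per address: OK, MISSING, or the connection/verification error."""
    lines = []
    for addr, cert in sorted(certs_by_addr.items()):
        if isinstance(cert, str):
            lines.append(f"{addr}: connect/verify failed: {cert}")
            continue
        status = "OK" if hostname_covered(cert, hostname) else "MISSING"
        lines.append(f"{addr}: {status} dNSName={san_dns_names(cert)}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # live: python ldaps_san_check.py ldap.corp.example [ca.pem]
        host = sys.argv[1]
        certs = fetch_certs(host, cafile=sys.argv[2] if len(sys.argv) > 2 else None)
    else:                  # offline demo on the constructed sample
        host, certs = "ldap.corp.example", SAMPLE_CERTS
    print(report(host, certs))
```

Run it with the exact hostname Nexus has in its LDAP server URL, because that string, not the DC's own name, is what the SAN must contain. If every address reports OK, the round-robin hypothesis is wrong and the next things to look at are whether the Nexus JVM trusts a different CA chain for some DCs, or whether the pooled connection is being handed a different server after the pool timeout.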