“javax.net.ssl.SSLHandshakeException” setting up ADFS in vSphere

Trying to set up ADFS, I’m getting:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I switch to the non-secure versions and I still get the same error. I added the root certificate, the subCA cert and even the token signing from ADFS, and none will work. Furthermore, I added the root in https://<vCSA>/ui/app/admin/certificates, not to mention that vCenter was already joined to AD. The trust should be there already. Using the Global Catalog endpoints didn’t work either.

Components
  ADFS: 2019
  AD: 2016, 2019 (2019 DCs had a lot of issues, so Windows Server 2016 servers were redeployed, most of them)
  vCSA: 7.0.0.10400 build 16386292

PKI
  Root in vCenter’s trusted roots: Yes
  Certs added in the setup process: Yes (rootCA, subCA and adfsTokenSigning)
  CRLs: All online
  AIAs: All online
  OCSP: Online

Other
  Tested Kerberos request of tickets with kinit and klist by SSHing to vCSA. Kerberos works fine.
  Tested name resolution from vCSA SSH session. DNS is working fine. Added static mappings to /etc/hosts for all nameservers, hosts and related resources as a precaution.

Any idea how to fix it?
