When attempting to connect to Cascade CMS via Web Services over SSL, you may receive the following error message:

Fatal error: Uncaught SoapFault exception: [soapenv:Server.generalException] Validation error: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

This is generally due to the system not being able to locate a valid certificate for the application server. There are a few areas of the system to check when troubleshooting this particular issue:

LDAP Configuration

While it may not seem related at first, the LDAP Configuration in your instance can potentially be the cause of this problem. If you happen to be using LDAP to sync/authenticate users in your instance, check the following:

  • In the Binding section, see if the SSL option is selected. If it is selected, verify that:

  • The Key Store Path points to a valid key store on the application server.

  • The key store referenced in the Key Store Path field contains the proper SSL certificates for the machine itself.

  • If the SSL option is not selected, move onto the next section in this article (Default Java Key Store).

Important notes on using LDAP over SSL

  • Any changes made in the LDAP configuration with respect to the key store will require a restart of Cascade CMS in order to take effect.

  • Any time an LDAP sync occurs, the application will load into memory the key store that is being referenced in the Key Store Path field within your LDAP configuration. Because of this, it is important that you maintain a single key store on your application server that contains any necessary certificates for your environment. Having a single key store with all of the proper certificates in it can prevent issues with different key stores being referenced from different locations within the application environment.

Default Java Key Store

For those who are either not using LDAP at all or are using a Cleartext bind with LDAP, the application will default to using the key store located within the application's Java installation. To find out which installation of Java the application is using, see this article.

After determining which Java installation is being used, you'll need to make sure that:

  • The key store (generally lib/security/cacerts) contains the certificates for the application server itself.

Did this answer your question?