Conexão SSL, Certificados e LDAP(Active Directory)

Buenas,
Tô tentando estabelecer uma conexão SSL com o Active Directory, mas desde ontem só tô tomando surra, não sei se alguém já tentou fazer algo do tipo, mas qualquer ajuda é bem vinda.

Passos passos que fiz:
Os admins do AD subiram uma Entrerprise CA e me mandaram um arquivo .cer
Eu já importei este certificado para o meu keystore(/JAVA_HOME/jre/lib/security/cacerts) através do keytool
Setei a javax.net.ssl.trustStore com o caminho do cacerts.

Mas na hora que tento estabelecer uma conexão com o LDAP ele me lança a seguinte exceção:

javax.naming.CommunicationException: simple bind failed: 10.10.10.110:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed]
	at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
	at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
	at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
	at javax.naming.InitialContext.init(Unknown Source)
	at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
	at br.metodista.metricas.CriandoUsuarios.main(CriandoUsuarios.java:57)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
	at java.io.BufferedInputStream.fill(Unknown Source)
	at java.io.BufferedInputStream.read1(Unknown Source)
	at java.io.BufferedInputStream.read(Unknown Source)
	at com.sun.jndi.ldap.Connection.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
	at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
	at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
	at sun.security.validator.Validator.validate(Unknown Source)
	at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
	at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
	... 13 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	... 18 more
Caused by: java.security.SignatureException: Signature does not match.
	at sun.security.x509.X509CertImpl.verify(Unknown Source)
	at sun.security.provider.certpath.BasicChecker.verifySignature(Unknown Source)
	at sun.security.provider.certpath.BasicChecker.check(Unknown Source)
	... 22 more

Alguma idéia que diabos é isso?

hum....nesse tópico acho um cara tava com o mesmo problema que o seu.

Ele mencionou ao fim do post no que ele havia errado, e um outro link o ajudou a resolver o problema.

verifica se tá de acordo contigo.

T+

Foi pelo link do final da página mesmo que eu estava tentando, mas parece que tô fazendo algo errado na hora de instalar o certificado do client, porque testei a conexão SSL no servidor e o LDAP tá aceitando normal.

Resolvido.
O problema era o certificado, que geraram com a chave errada no servidor AD.

olá Rafael Nunes, será que vc poderia passar como vc gerou os certificados (servidor e cliente) ?

por favor!!!

Notícias, artigos e o maior fórum brasileiro sobre Java