LDAP: how to troubleshoot certificates that do not match



The certificate uploaded into the Workfront instance is not the same as the certificate being presented by the LDAP or AD system.



Find and upload the correct certificate.

Note: Certificates can be stored in multiple places, so there is no way for Workfront to tell where to locate the correct certificate.

Note: This method may not work if you already have the certificate installed on your local machine.


One way to find the solution is to use Apache Directory Studio to display information about the certificate.


Steps to find the correct certificate.

  1. If you do not have Apache Directory Studio, you can download it here.
  2. Locate your public IP address from whatsmyIP.
  3. Make sure the IP address is allowed to connect to the LDAP/AD server through port 636.
  4. Open Apache Directory Studio and select LDAP > New Connection from the top menu.
  5. Enter the hostname (this may be an IP or a named address).
  6. Change the port to 636.
  7. Set the encryption method to LDAPS.
  8. Select Check Network Parameters (if this fails, the firewall rule is not allowing the connection).
  9. Select Next.
  10. Enter anything as the username and password (they just need to have a value).
  11. Select Check Authentication.
  12. You will be presented with the following prompt. Select View Certificate (this may look different on Windows).
  13. You should see the following.
  14. You can then search using the serial number to find the correct certificate.
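
The same check can be scripted: the added example below (not part of the original article and not Workfront tooling) fetches the certificate presented on port 636 and compares its serial number and SHA-256 fingerprint with the certificate that was uploaded. It assumes the uploaded certificate is available as a PEM file and that it is run from the IP address allowed in step 3; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import ssl
import sys

# Constructed, truncated DER (only the fields up to serialNumber), not a real certificate.
SAMPLE_DER = bytes.fromhex("300d300ba003020102020400ab12cd")


def _read_tlv(der, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def cert_serial_hex(der):
    """Serial number of a DER-encoded X.509 certificate as uppercase hex."""
    _, cert_start, _ = _read_tlv(der, 0)       # Certificate SEQUENCE
    _, pos, _ = _read_tlv(der, cert_start)     # tbsCertificate SEQUENCE
    tag, start, end = _read_tlv(der, pos)
    if tag == 0xA0:                            # optional [0] version field
        tag, start, end = _read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return (der[start:end].lstrip(b"\x00") or b"\x00").hex().upper()


def compare(presented_der, uploaded_der):
    """Serial and SHA-256 fingerprint of both certificates, and whether they match."""
    fp = lambda d: hashlib.sha256(d).hexdigest()
    return {
        "presented": (cert_serial_hex(presented_der), fp(presented_der)),
        "uploaded": (cert_serial_hex(uploaded_der), fp(uploaded_der)),
        "match": presented_der == uploaded_der,
    }


def fetch_presented_der(host, port=636):
    """Fetch the certificate the LDAPS server presents, without validating it."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: script.py <ldap-host> <uploaded-cert.pem>
        with open(sys.argv[2]) as fh:
            uploaded = ssl.PEM_cert_to_DER_cert(fh.read())
        print(compare(fetch_presented_der(sys.argv[1]), uploaded))
    else:                    # offline demo on the constructed sample
        print(compare(SAMPLE_DER, SAMPLE_DER))
```

If "match" is false, the "presented" serial number is the value to search for in step 14.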