Error when trying securing communication between Graph/ExchangeService and Azure & Office 365 Driver

Hello,

I am integrating with the office 365 connector and Azure AD, but we are having trouble establishing a secure connection between the Driver, graph.windows.net, and office 365.

Remote Loader Log:
TRACE: Remote Loader: Creating a JSSE SSLServerSocket
TRACE: Remote Loader: Entering listener accept()
TRACE: Remote Loader: java.io.IOException: Error during SSL handshake
at com.novell.nds.dirxml.remote.SocketStream.connect(SocketStream.java:541)
at com.novell.nds.dirxml.remote.Connection.connectStream(Connection.java:872)

The keystore is configured in both (Remote Loader and Driver) with the Graph, and ExchangeService certificates, and it is located on the windows server where the Remote loader is running.
Can you give me a hand with this error?

Thank you.

  • As silly as it sounds, are you sure you got ALL The certs in the keystore?  All the  intermediate certs?  Not the server endpoint cert, but the primary CA, and the intermediate CA.  The Java keystores seem to have most of the top level CA keys in the primary cacerts file they distribute. But they seem to be missing a fairly large number of intermediate CAs.

  • The configured keystore has the following certificates:

    Azure AD (from https://graph.windows.net/)
    Microsoft IT TLS CA 1
    Microsoft IT TLS CA 2
    Microsoft IT TLS CA 4
    Microsoft IT TLS CA 5

    We setted the keystore path (which is located in the RL server) within Driver config. and in the Remote Loader configuration.


    Do we need any cert/config else?
    Thank you!

  • So when I go to the URL in your message above, and hit the lock key in my browser, I see that following cert chain.

    So those are the CA and intermediate CA you need.

    Root CAs serial number is:

    08:3B:E0:56:90:42:46:B1:A1:75:6A:C9:59:91:C7:4A

    For intermediate:

    01:FD:A3:EB:6E:CA:75:C8:88:43:8B:72:4B:CF:BC:91

    So you can check for those in your keystore.  (They lose the colons).