SSPR Failure to connect to Breach Database API

We implemented the SSPR breach check.  It worked for a couple of days, but now we're getting an API error.

 

WARN , util.PwmPasswordRuleValidator, Problem while connecting to external breach database Failed to connect to api.pwnedpasswords.com/2606:4700:0:0:0:0:6811:ac66:443

 

Is anyone else experiencing this issue? I've read on the site for haveibeenpwned that an API key is possibly needed. Does anyone know how this key is implemented?

  • If we have to import the certificates it would be nice to know what URLs are being used. I assume api.pwnedpasswords.com. I imported the intermediate certificate on a test box and it didn't work. The root cert is already there so I don't see why I would need the intermediates. Test sites are saying that Cloudflare is including the intermediates as it should.

    Do I have the right URL?  What certs need to be imported?

    Edit: Does the user application set Java to use the idm.jks truststore instead of the default cacerts? I don't see it on the command line, but maybe it is set in code?

  • IDM is configured to use idm.jks as a truststore which appears to make it ignore the default JVM cert store. I imported the root CA (CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE) to that truststore and it is working fine now.
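
A way to confirm the diagnosis in the last reply, as an added example that is not part of the thread or of the product: this Java program trusts only the certificates in one truststore file, attempts a TLS handshake with the breach API host, and on failure prints the issuer that the truststore is missing. The class name `TruststoreCheck` is hypothetical, and the truststore path and password are passed as arguments because the thread does not give them.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example (hypothetical class name). Checks chain trust only, not the hostname.
public class TruststoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java TruststoreCheck <truststore.jks> <password> [host]");
            System.exit(2);
        }
        String host = args.length > 2 ? args[2] : "api.pwnedpasswords.com";
        // Load only the given file: a custom truststore replaces the JVM's cacerts, it is not merged.
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ts.load(in, args[1].toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        final X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];
        // Record the chain the server presents, then delegate validation unchanged.
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                real.checkClientTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                seen[0] = c;
                real.checkServerTrusted(c, a);
            }
            public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, 443)) {
            s.startHandshake();
            System.out.println("OK: " + host + " validates against " + args[0]);
        } catch (SSLException e) {
            System.out.println("FAIL: " + e.getMessage());
            if (seen[0] != null) {
                X509Certificate top = seen[0][seen[0].length - 1];
                System.out.println("Topmost certificate sent by server: " + top.getSubjectX500Principal());
                System.out.println("Issuer to import into the truststore: " + top.getIssuerX500Principal());
            }
        }
    }
}
```

A socket-level connection failure is not caught here and surfaces as an exception, which separates network problems from trust problems.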