PKIX Validation Error "signature check failed" When Connecting to an LDAPS Server from a ServiceNow InstanceIssue Some customers have reported this error when connecting their ServiceNow instances to an LDAPS server: ldaps://ldaps.example.com:636 sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failedReleaseAll supported ServiceNow releasesCauseThis error message appears where the customer's LDAPS server uses certificates issued from an internal/self-signed/non-public Certificate Authority (CA), and those certificates have not been uploaded to the instance's X.509 Certificates table.Resolution Recommended Solution The following need to be uploaded to X.509 Certificate[sys_certificate] on the instance if using a internal/self-signed/non-public CA: the root CA certificateany intermediate CA certificatesthe 'leaf' certificates, the one at the opposite end of the subject/issuer chain from the root CA. In other words the certificate that appears at the top of the ouput of openssl s_client -showcerts -connect output. Note: The LDAPS server admin should be able to provide you with all this information. If not, the required certificates should be visible in the output of openssl s_client -showcerts -connect ldaps-server.customerdomain.com:636 Alternative Workaround If for some reason the steps in the Recommended Solution don't work you can get past this error by disabling certificate verification by setting System Property com.glide.communications.trustmanager_trust_all to true. WARNING: This can have significant security implications and is a global setting for the whole instance (not just LDAP). It should only be used temporarily for testing (on sub-prod instances) and should not be used in production.