[
https://issues.jboss.org/browse/ELY-1616?page=com.atlassian.jira.plugin.s...
]
Jiri Ondrusek commented on ELY-1616:
------------------------------------
The issue is caused by missing configuration. The problem is caused by some LDAP servers (OpenLDAP
in this case), which return "usercertificate;binary" as the result of a search for
"usercertificate".
If this happens, then the LDAP entry is not recognized as a certificate without the
"userPKCS12" attribute.
The solution is simple: use a mapping for this kind of LDAP server, to search for
"usercertificate;binary" instead of "usercertificate".
{quote}/subsystem=elytron/ldap-key-store=qsTrustStore:add( \
dir-context=exampleDC, \
search-path="ou=trusstore,dc=example,dc=org", \
certificate-chain-attribute="userCertificate;binary", \
){quote}
With this mapping, the LDAP truststore will work without "userPKCS12" attributes.
ldap-key-store requires attribute userPKCS12 on ldap entry, even if
it should be mandatory
------------------------------------------------------------------------------------------
Key: ELY-1616
URL: https://issues.jboss.org/browse/ELY-1616
Project: WildFly Elytron
Issue Type: Bug
Affects Versions: 1.1.11.CR1
Reporter: Jiri Ondrusek
Assignee: Jiri Ondrusek
The "key-attribute" ("userPKCS12") should not be necessary to use
LdapKeyStore as truststore.
See Steps to Reproduce for more information.
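
The attribute-name mismatch described in the comment, shown at the JNDI level as an added example (not Elytron's code and not part of the issue). The entry is simulated with `BasicAttributes` instead of a live directory, the certificate bytes are constructed placeholders, and `findByBaseType` is a hypothetical helper.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class CertAttributeLookup {

    // Hypothetical helper: find an attribute by its base type, ignoring
    // attribute options such as ";binary" that the server appended.
    static Attribute findByBaseType(Attributes attrs, String baseType) throws NamingException {
        NamingEnumeration<? extends Attribute> all = attrs.getAll();
        try {
            while (all.hasMore()) {
                Attribute a = all.next();
                String id = a.getID();
                int semi = id.indexOf(';');
                String type = semi < 0 ? id : id.substring(0, semi);
                if (type.equalsIgnoreCase(baseType)) {
                    return a;
                }
            }
        } finally {
            all.close();
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed entry mimicking what the comment says OpenLDAP returns:
        // the certificate comes back under "userCertificate;binary".
        byte[] fakeDer = {0x30, (byte) 0x82, 0x01, 0x0a}; // placeholder bytes, not a real certificate
        Attributes entry = new BasicAttributes(true);     // true = case-insensitive attribute IDs
        entry.put(new BasicAttribute("userCertificate;binary", fakeDer));

        // Exact-name lookup misses, because the option is part of the attribute ID.
        System.out.println("get(userCertificate): " + entry.get("userCertificate"));
        // Lookup with the name used in the mapping from the comment succeeds.
        System.out.println("get(userCertificate;binary) present: "
                + (entry.get("userCertificate;binary") != null));
        // Option-tolerant match finds the attribute under either spelling.
        Attribute byType = findByBaseType(entry, "userCertificate");
        System.out.println("findByBaseType: " + (byType == null ? null : byType.getID()));
    }
}
```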