Bug
Resolution: Unresolved
Major
Jenkins 2.73.3, LDAP Plugin 1.18
I've added my cert to the Java keystore. I've configured my LDAP properly. I've confirmed that these settings DO work. However, they work intermittently.
I'm running the Groovy script as specified in this link:
https://wiki.jenkins.io/display/JENKINS/LDAP+Plugin#LDAPPlugin-Troubleshooting
Sometimes running this script works, and I get the proper results back from my script. Other times, I get the following error:
LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: <hostname>.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;null; nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: hq.versive.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]
Changing the configs under "Configure Global Security" seems to help occasionally. If I change a setting in the config and save it, I can run this query successfully. However, if I reload the script page (or wait a few minutes) the Groovy script goes back to giving the same error.
I've also downloaded the SSLPoke tool from Atlassian to debug:
This tool works just fine from my Jenkins server command line, 100% of the time. I've confirmed that if I remove the cert from my keystore I can replicate the same error I'm seeing in my Jenkins logs. But when the cert is in the keystore, the SSLPoke tool works fine.
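An added example, not part of the original report: a Groovy script for the Jenkins script console that performs an SSLPoke-style handshake against every address the LDAP hostname resolves to, using the Jenkins JVM's own default trust store rather than the command-line JVM's. The host name `ldap.example.com` is a placeholder, and the possibility that different addresses present different certificate chains is an assumption the report does not confirm.

```groovy
import javax.net.ssl.SSLHandshakeException
import javax.net.ssl.SSLSocket
import javax.net.ssl.SSLSocketFactory

def host = 'ldap.example.com'   // placeholder: use the LDAP server name from the Jenkins config
def port = 636                  // LDAPS port, as in the error message
def timeoutMs = 5000

// Show which trust store this JVM (the one Jenkins runs in) is actually using.
println "java.home  = ${System.getProperty('java.home')}"
println "trustStore = ${System.getProperty('javax.net.ssl.trustStore') ?: '(JVM default cacerts)'}"

// Default factory: the same trust decisions JNDI/LDAPS makes unless overridden.
def factory = (SSLSocketFactory) SSLSocketFactory.getDefault()

InetAddress.getAllByName(host).each { addr ->
    Socket plain = new Socket()
    SSLSocket tls = null
    try {
        // Connect to this specific address, but keep the original name for the TLS layer.
        plain.connect(new InetSocketAddress(addr, port), timeoutMs)
        plain.soTimeout = timeoutMs
        tls = (SSLSocket) factory.createSocket(plain, host, port, true)
        tls.startHandshake()   // throws SSLHandshakeException on a PKIX path failure

        def leaf = tls.session.peerCertificates[0]
        println "OK   ${addr.hostAddress}  subject=${leaf.subjectX500Principal}  issuer=${leaf.issuerX500Principal}"
    } catch (SSLHandshakeException e) {
        // Same class of failure as in the Jenkins log: chain not trusted by this JVM.
        println "FAIL ${addr.hostAddress}  ${e.message}"
    } catch (IOException e) {
        println "ERR  ${addr.hostAddress}  ${e.class.simpleName}: ${e.message}"
    } finally {
        tls?.close()
        plain.close()
    }
}
```

A mix of `OK` and `FAIL` lines would mean some servers behind the name present a chain the Jenkins trust store does not cover; all `OK` would point away from the certificates and toward which trust store or connection settings the LDAP lookup uses at the time of failure.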