Java+LDAP+SSL

Dieter Schicker - 18 Dec 2005 18:49 GMT
Hi,

I have a question concerning secure LDAP and Java.

When I try to do    

System.setProperty("javax.net.ssl.trustStore", "/usr/local/j2sdk1.4.2_08/jre/lib/security/jssecacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "secret");
System.setProperty("javax.net.debug", "SSL");
DirContext ctx = new InitialDirContext(ldapEnv);

I get the following error

javax.naming.CommunicationException: SASL bind failed: host.domain.at:636
[Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate found]

My question is:

I have three "certificates" in my ldap configuration directory

1) cacert.pem: containing the certificate authority
2) servercrt.pem: containing the public key
3) serverkey.pem: containing the private and the public key

When I issue a

keytool -import -file /home/didi/projects/xlabadmin/build/servercrt.pem \
-keystore jssecacerts

which file do I have to import: 1), 2) or 3). I tried with 1) but still
get the error above.

Any help would be highly appreciated.

Thanks in advance
Dieter
Jan Peter Stotz - 18 Dec 2005 19:52 GMT
Dieter Schicker wrote:

> I have three "certificates" in my ldap configuration directory
>
> 1) cacert.pem: containing the certificate authority
> 2) servercrt.pem: containing the public key
> 3) serverkey.pem: containing the private and the public key

> which file do I have to import: 1), 2) or 3). I tried with 1) but still
> get the error above.

You need to import 1) into your truststore and 3) into your keystore.

Jan
Dieter Schicker - 19 Dec 2005 05:03 GMT
Thanks for your answer! Now I ran into another problem:
(Sorry, I'm really not good at SSL)

When I try to import the serverkey.pem, I get the error:

Input not an X.509 certificate.

The same error occurs when I try to import servercrt.pem.
The certs were created with openssl.

Any ideas?

Thanks
Dieter

> Dieter Schicker wrote:
>
[quoted text clipped - 10 lines]
>  
> Jan
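
Added example, not part of the original thread: a pre-flight check that reports what each PEM file actually contains before it is handed to `keytool -import`, since a private key block is not an X.509 certificate and will be rejected. The sample file contents are constructed placeholders (not real certificates or keys), and the check looks only at the PEM label and the outer DER tag, not at certificate validity.

```python
import base64
import re

# PEM armor: -----BEGIN <LABEL>----- base64 body -----END <LABEL>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def _pem(label, der=b"\x30\x03\x02\x01\x00"):
    """Build a constructed PEM block; the DER body is a dummy SEQUENCE."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed stand-ins for the three files named in the thread.
SAMPLES = {
    "cacert.pem": _pem("CERTIFICATE"),
    "servercrt.pem": _pem("CERTIFICATE"),
    "serverkey.pem": _pem("RSA PRIVATE KEY"),
}

def classify_pem(text):
    """Return a list of (label, role) for every PEM block found in text."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if label.endswith("PRIVATE KEY"):
            # Key material: never belongs in a truststore.
            results.append((label, "private-key"))
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            results.append((label, "corrupt-base64"))
            continue
        if label == "CERTIFICATE" and der[:1] == b"\x30":
            role = "certificate"   # DER SEQUENCE under a certificate label
        else:
            role = "other"
        results.append((label, role))
    return results

def importable_as_trusted_cert(text):
    """True only if the file holds certificate blocks and nothing else."""
    roles = [role for _, role in classify_pem(text)]
    return bool(roles) and all(r == "certificate" for r in roles)

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify_pem(text), importable_as_trusted_cert(text))
```

A file that yields no `certificate` block, or that mixes key material with certificates, should not be imported into a truststore as-is.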

