Can't connect JNDI using LDAP/SSL

Discussion in 'Java' started by Ian Harding, Sep 1, 2005.

  1. Ian Harding

    Ian Harding Guest

    I have created a certificate on a directory server, and imported it into
    the Java keystore on my client machine. Listing the keystore contents
    includes the certificate data:

    Alias name: testpc18
    Creation date: 01-Sep-2005
    Entry type: trustedCertEntry

    Owner: CN=testpc18, DC=cornwall, DC=company, DC=com
    Issuer: CN=testpc18, DC=cornwall, DC=company, DC=com
    Serial number: 6137514bb844f8b84515cfc29f48d742
    Valid from: Thu Sep 01 13:15:54 BST 2005 until: Wed Sep 01 13:20:51 BST 2010
    Certificate fingerprints:
    MD5: 31:8E:C0:42:86:7D:42:27:63:26:91:A8:41:95:25:C2
    SHA1: 01:2C:56:1E:DD:55:D9:5B:93:A7:B2:A0:F6:72:DD:A7:60:B2:DB:89

    I use this client code (based on a sample found on the web):

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.directory.DirContext;
    import javax.naming.ldap.InitialLdapContext;

    Hashtable env = new Hashtable();
    String adminName = "CN=Administrator,CN=Users,DC=CORNWALL,DC=COMPANY,DC=COM";
    String adminPassword = "xxxxxx";
    String ldapURL = "ldaps://testpc18:636";

    // Point JSSE at the trust store that holds the imported certificate
    String keystore = "C:/Program Files/Java/j2re1.4.2_03/lib/security/cacerts";
    System.setProperty("javax.net.ssl.trustStore", keystore);

    // Simple bind over SSL to the directory server
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, adminName);
    env.put(Context.SECURITY_CREDENTIALS, adminPassword);
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    env.put(Context.PROVIDER_URL, ldapURL);

    try {
        DirContext ctx = new InitialLdapContext(env, null);
        ....

    At runtime, the last line throws an exception
    "javax.naming.CommunicationException: simple bind failed: testpc18:636
    [Root exception is javax.net.ssl.SSLHandshakeException:
    sun.security.validator.ValidatorException: No trusted certificate found]"

    The client does have the trusted root certificate for the directory
    server (running Active Directory on Windows Server 2003 SP1, if that's
    relevant). I am definitely passing the correct keystore to the client
    app, and the certificate has definitely been added to it.

    Can anyone help me spot what I'm doing wrong?

    Thank you,
    Ian
     
    Ian Harding, Sep 1, 2005