Brandon McCombs
hello,
I'm trying to establish an SSL connection to Active Directory and I'm
not getting very far. I believe I have my code set up properly in order
to try to use an SSL connection, but from various websites I'm getting
the impression I have to set up a keystore with the certificate of Active
Directory's CA in it. Is this correct? If so, I still have
problems.
I installed CA services in Windows 2003. ADS is listening on port 636.
My application is trying to connect on 636 (always good to be in sync
with the server). I have the following lines in my code:
ldapEnv.put(Context.SECURITY_PROTOCOL, "ssl");
String keystore = "C:\\Java15\\jre\\lib\\security\\server_store.jks";
System.setProperty("javax.net.ssl.trustStore",keystore);
When creating the actual directory context I do the following (from the Sun
tutorial):
ctx = new InitialLdapContext(ldapEnv,null);
//Perform a StartTLS extended operation
StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
System.out.println(tls.getID() + " ID"); //this never prints
// Open a TLS connection and get details
// of the negotiated TLS session: cipher suite, peer certificate, etc.
tls.negotiate();
I've created a keystore on my local PC and I was able to successfully
take the CA cert from the Windows server and add it to my keystore but I
still get a failed bind to the 636 port.
Any ideas?
Thanks in advance.
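As an added illustration (not code from the original post or from any Sun tutorial), the following shows the two TLS modes JNDI supports against a directory server, kept separate: LDAPS, where the socket is TLS from the first byte and the server listens on 636, and StartTLS, where a plain connection on 389 is upgraded with the extended operation before any credentials are sent. The snippet in the post mixes the two (SECURITY_PROTOCOL "ssl" on port 636 followed by a StartTLS request), which a server will not accept. The host name, base DN, bind DN, trust store path and password variable are assumed placeholders; the trust store must contain the CA that issued the domain controller's certificate, and the host name used in the URL must match a name in that certificate.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

public class AdTlsConnect {
    // Assumed placeholders: replace with values for your own domain.
    private static final String HOST = "dc1.example.com";            // must match the DC certificate's subject/SAN
    private static final String BIND_DN = "CN=svc-ldap,CN=Users,DC=example,DC=com";
    private static final String TRUST_STORE = "C:\\Java15\\jre\\lib\\security\\server_store.jks";

    /** Mode 1: LDAPS. TLS is implicit, so the context is encrypted before the bind runs. */
    public static LdapContext connectLdaps(String password) throws NamingException {
        // JSSE reads the CA certificate(s) from this JKS file; no password is needed to read trust anchors.
        System.setProperty("javax.net.ssl.trustStore", TRUST_STORE);

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + HOST + ":636");  // ldaps:// scheme + port 636
        env.put(Context.SECURITY_PROTOCOL, "ssl");                  // implicit TLS; do NOT also send StartTLS
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // The handshake and the bind both happen here; a trust or host-name failure surfaces as a NamingException.
        return new InitialLdapContext(env, null);
    }

    /** Mode 2: StartTLS. Connect in the clear on 389, upgrade, then bind so the password never travels unencrypted. */
    public static LdapContext connectStartTls(String password) throws NamingException, IOException {
        System.setProperty("javax.net.ssl.trustStore", TRUST_STORE);

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + HOST + ":389");   // plain ldap:// on 389, no SECURITY_PROTOCOL
        // No credentials yet: the initial context is anonymous and only used to issue StartTLS.
        LdapContext ctx = new InitialLdapContext(env, null);

        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        // negotiate() performs the handshake against the system trust store and checks the host name.
        SSLSession session = tls.negotiate();
        System.out.println("TLS negotiated: " + session.getProtocol() + " / " + session.getCipherSuite());
        System.out.println("Peer: " + session.getPeerPrincipal());

        // Now add credentials; JNDI re-binds over the upgraded connection on the next operation.
        ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, BIND_DN);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
        ctx.reconnect(null);  // forces the bind immediately so failures are reported here
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String password = args.length > 0 ? args[0] : "";  // assumed: password supplied on the command line
        LdapContext ctx = connectLdaps(password);
        System.out.println("LDAPS bind succeeded as " + ctx.getEnvironment().get(Context.SECURITY_PRINCIPAL));
        ctx.close();
    }
}
```

If the LDAPS path fails with a handshake error, the usual causes are a trust store that lacks the issuing CA, a URL host name that does not match the certificate, or a domain controller that has no server certificate at all (the CA being installed does not by itself enrol the DC). Inspecting the SSLSession returned by negotiate() in the StartTLS path, or running with -Djavax.net.debug=ssl:handshake, shows which of those applies.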