
RE: ssl auth



The error message indicates that your client certificate was signed by a CA that is
unknown to the server. Since you say you copied the cert from the server, it seems
you must not have installed the certificate correctly on the client.
 

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Valcu Gheorghe
Sent: Thursday, February 07, 2002 2:42 AM
To: openldap-software@OpenLDAP.org
Subject: ssl auth

I am trying to authenticate from Java with anonymous on SSL, and this is what the server throws me:
connection_get(10): got connid=104
connection_read(10): checking for input on id=104
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10): got connid=104
connection_read(10): checking for input on id=104
TLS trace: SSL3 alert read:fatal:unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:956
connection_read(10): TLS accept error error=-1 id=104, closing
connection_closing: readying conn=104 sd=10 for close
connection_close: conn=104 sd=10
Client side:
javax.naming.CommunicationException:x.x.x.x:636.  Root exception is javax.net.ssl.SSLHandshakeException: unknown CA
        at com.ibm.jsse.JSSESocket.install(Unknown Source)
        at com.ibm.jsse.JSSEOutputStream.install(Unknown Source)
        at com.ibm.jsse.JSSEOutputStream.write(Unknown Source)
        at java.io.OutputStream.write(OutputStream.java:61)
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:155)
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:81)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2307)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:211)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:79)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
        at javax.naming.InitialContext.init(InitialContext.java:222)
        at javax.naming.InitialContext.<init>(InitialContext.java:198)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:83)
Does anybody have any idea what this could be? I have copied the certificate from the server to the client side.
 

-------------------------------
Valcu Gheorghe
System Administrator
 
caatoosee s.r.l.
cluj 13
ro-1900 timisoara
 
tel. +4(0)-56-295215
fax. +4(0)-56-295216
mob. +4(0)-93-213726
mailto:valcu.gheorghe@caatoosee.ro
http://www.caatoosee.ro
-------------------------------
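
Added example (not part of either message above, and not OpenLDAP or OpenSSL code): a short Python script that decodes the packed OpenSSL error code from the slapd log and pairs it with the "alert read" / "alert write" trace line, showing which alert was raised and in which direction it travelled. It assumes the OpenSSL 1.x-era error layout (8-bit library, 12-bit function, 12-bit reason); the function names are this example's own and the sample log is an excerpt of the lines posted above.

```python
import re

# Certificate-related alert descriptions from the TLS specification (subset).
ALERTS = {40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          48: "unknown_ca", 49: "access_denied"}
ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reason >= 1000 means "alert (reason - 1000) came from the peer"

# Excerpt of the server-side log lines from the post above.
SAMPLE_LOG = """\
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL3 alert read:fatal:unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:956
"""

def decode_openssl_error(code_hex):
    """Split a packed OpenSSL 1.x error code into library, function and reason."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason,
            "peer_alert": alert, "alert_name": ALERTS.get(alert)}

def diagnose(log):
    """Combine the alert direction trace with the decoded error code."""
    result = {"direction": None, "level": None, "alert_name": None}
    for line in log.splitlines():
        m = re.search(r"SSL3 alert (read|write):(\w+):", line)
        if m:
            # "read": the alert arrived from the peer; "write": this side sent it.
            result["direction"] = ("received from peer" if m.group(1) == "read"
                                   else "sent to peer")
            result["level"] = m.group(2)
        m = re.search(r"error:([0-9A-Fa-f]{8}):", line)
        if m:
            result.update(decode_openssl_error(m.group(1)))
    return result

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

In this log slapd reads the alert, so it was raised by the connecting client, and the reason code decodes to alert 48 (unknown_ca). That points at the set of CA certificates the Java client trusts, which is where the certificate copied from the server has to be installed.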