The
error message indicates that your client certificate was signed by a CA that
is
unknown to the server. Since you say you copied the cert from the server,
it seems
you
must not have installed the certificate correctly on the
client.
-- Howard Chu Chief Architect, Symas
Corp. Director, Highland Sun http://www.symas.com
http://highlandsun.com/hyc Symas: Premier OpenSource
Development and Support
I am trying to authentificate from java
with anonymous on ssl and this is what the server throws
me:
connection_get(10): got
connid=104 connection_read(10): checking for input on id=104 TLS trace:
SSL_accept:before/accept initialization TLS trace: SSL_accept:SSLv3 read
client hello A TLS trace: SSL_accept:SSLv3 write server hello A TLS
trace: SSL_accept:SSLv3 write certificate A TLS trace: SSL_accept:SSLv3
write server done A TLS trace: SSL_accept:SSLv3 flush data TLS trace:
SSL_accept:error in SSLv3 read client certificate A TLS trace:
SSL_accept:error in SSLv3 read client certificate A daemon: select:
listen=6 active_threads=0 tvp=NULL daemon: select: listen=7
active_threads=0 tvp=NULL daemon: activity on 1 descriptors daemon:
activity on: 10r daemon: read activity on 10 connection_get(10): got
connid=104 connection_read(10): checking for input on id=104 TLS trace:
SSL3 alert read:fatal:unknown TLS trace: SSL_accept:failed in SSLv3 read
client certificate A TLS: can't accept. TLS: error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
s3_pkt.c:956 connection_read(10): TLS accept error error=-1 id=104,
closing connection_closing: readying conn=104 sd=10 for
close connection_close: conn=104 sd=10
Client side:
javax.naming.CommunicationException:x.x.x.x:636. Root exception
is javax.net.ssl.SSLHandshakeException: unknown
CA at
com.ibm.jsse.JSSESocket.install(Unknown
Source) at
com.ibm.jsse.JSSEOutputStream.install(Unknown
Source) at
com.ibm.jsse.JSSEOutputStream.write(Unknown
Source) at
java.io.OutputStream.write(OutputStream.java:61)
at
com.sun.jndi.ldap.Connection.<init>(Connection.java:155)
at
com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:81)
at
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2307)
at
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:211)
at
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:79)
at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
at
javax.naming.InitialContext.init(InitialContext.java:222)
at
javax.naming.InitialContext.<init>(InitialContext.java:198)
at
javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:83)
Anybody has any ideea what could this be ? I have
copyied the certificate from the server on the client side ..
------------------------------- Valcu
Gheorghe System Administrator
caatoosee s.r.l. cluj 13 ro-1900
timisoara
|