[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ssl auth



That is exactly what I did.. and the issue is still here.. I don't know what else to do .. anybody who encountered this problem and has any ideea, I apreciate any help.
 
-------------------------------
Valcu Gheorghe
System Administrator
 
caatoosee s.r.l.
cluj 13
ro-1900 timisoara
 
tel. +4(0)-56-295215
fax. +4(0)-56-295216
mob. +4(0)-93-213726
mailto:valcu.gheorghe@caatoosee.ro
http://www.caatoosee.ro
-------------------------------
----- Original Message -----
Sent: Thursday, February 07, 2002 12:48 PM
Subject: RE: ssl auth

You shouldn't copy the server certificate to the client itself.  
Have you imported your certificate into JAVA_HOME/jre/bin/security/cacerts ?
To import use:
keytool -import -alias <certificate alias> -storepass <your password> -keystore <your keystore file (cacerts)> -file <the certificate you want to import>
 
Hope this helps you out.
 
Cheers

::::::::::::::::::::::::::::::::::::::
Justin Schwartz
Analyst / Developer
Ivory Tower IS
[Phone ] +27 21 418 8230
[Fax   ] +27 21 425 4537
[Mobile] +27 82 487 3821
[E-mail] justin@ivorytower.co.za
[Web   ] http://www.ivorytower.co.za

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Valcu Gheorghe
Sent: 07 February 2002 12:42
To: openldap-software@OpenLDAP.org
Subject: ssl auth

I am trying to authentificate from java with anonymous on ssl and this is what the server throws me:
connection_get(10): got connid=104
connection_read(10): checking for input on id=104
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10): got connid=104
connection_read(10): checking for input on id=104
TLS trace: SSL3 alert read:fatal:unknown
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca s3_pkt.c:956
connection_read(10): TLS accept error error=-1 id=104, closing
connection_closing: readying conn=104 sd=10 for close
connection_close: conn=104 sd=10
Client side:
javax.naming.CommunicationException:x.x.x.x:636.  Root exception is javax.net.ssl.SSLHandshakeException: unknown CA
        at com.ibm.jsse.JSSESocket.install(Unknown Source)
        at com.ibm.jsse.JSSEOutputStream.install(Unknown Source)
        at com.ibm.jsse.JSSEOutputStream.write(Unknown Source)
        at java.io.OutputStream.write(OutputStream.java:61)
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:155)
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:81)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2307)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:211)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:79)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:668)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:246)
        at javax.naming.InitialContext.init(InitialContext.java:222)
        at javax.naming.InitialContext.<init>(InitialContext.java:198)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:83)
Anybody has any ideea what could this be ? I have copyied the certificate from the server on the client side .. 
 

-------------------------------
Valcu Gheorghe
System Administrator
 
caatoosee s.r.l.
cluj 13
ro-1900 timisoara
 
tel. +4(0)-56-295215
fax. +4(0)-56-295216
mob. +4(0)-93-213726
mailto:valcu.gheorghe@caatoosee.ro
http://www.caatoosee.ro
-------------------------------