Re: Using "keytool" to create security certificates for OpenLDAP
Ah, never mind. We actually had some network problems in the office!
;) It all works fine now. Thanks a million, Jon.
On Mon, 28 Mar 2005 13:06:05 -0800, Safdar Kureishy
<safdar.kureishy@gmail.com> wrote:
> Thanks Jon.
>
> It worked after I made it "javax.net.ssl.trustStore". Thanks a mill.
>
> I'm running into another problem though -- it seems I cannot perform
> more than a couple of bind operations against OpenLDAP. After a
> certain number of calls to bind(), the thread gets stuck waiting on
> some condition, and I have no clue what that condition is. Have you
> had this problem? Is there a max number of connections that one can
> have active against OpenLDAP server?
>
> This is the code where it hangs:
> if (this.useSSL) {
>     LDAPSocketFactory sslSocketFactory =
>         new LDAPJSSESecureSocketFactory(/*new OpenLDAPSSLSocketFactory()*/);
>     LDAPConnection.setSocketFactory(sslSocketFactory);
> }
> this.masterConnection = new LDAPConnection();
>
> try {
>     this.masterConnection.connect(host, port);
>
>     //**************** THIS LINE BELOW IS WHERE IT HANGS ******************
>     this.masterConnection.bind(LDAPConnection.LDAP_V3,
>         this.loginDN, passwd);
>
> } catch (LDAPException e) {
>     throw new InitializationException("could not initialize a "
>         + "connection to the ldap server. If you have a firewall enabled, please "
>         + "make sure to enable passthrough for the openldap server port. Also "
>         + "make sure that your credentials are correct.",
>         e);
> }
>
> Thanks,
> Safdar
>
>
> On Mon, 28 Mar 2005 14:41:57 -0600, Jon Roberts <jon@jonanddeb.net> wrote:
> > Safdar Kureishy wrote:
> > > I tried what you suggested -- adding CA.pem to the client's truststore
> > > - but I get the same error - "SSLHandshakeException:
> > > sun.security.validator.ValidatorException: No trusted certificate
> > > found"
> > >
> > > I even tried adding the server.pem file to the truststore but that
> > > didn't help of course. Is there any other system property that needs
> > > to be set apart from:
> > > System.setProperty("javax.net.ssl.truststore",
> > > "C:\\temp\\truststore.jks");
> >
> > System property keys are case sensitive, so you might want to try
> > 'javax.net.ssl.trustStore' instead (note the last S is capitalized).
> >
> > Did you try adding the CA.pem to the client JRE's default CA truststore?
> > I would recommend getting that working before setting up your own custom
> > truststore.
> >
> > Jon Roberts
> > www.mentata.com
> >
>
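
An added example, not code from either poster: a small Java check for the two failure points in this thread, a JSSE system property set with the wrong case (which JSSE never reads, so the default truststore is used) and a truststore file that does not actually hold the CA. The class and method names (TrustStoreCheck, findMiscasedKeys, trustedAliases) are hypothetical, and the truststore is assumed to be a JKS file as in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.*;

public class TrustStoreCheck {
    // Keys JSSE reads for its default trust and key material (case sensitive).
    static final String[] JSSE_KEYS = {
        "javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword",
        "javax.net.ssl.trustStoreType", "javax.net.ssl.keyStore",
        "javax.net.ssl.keyStorePassword", "javax.net.ssl.keyStoreType"
    };

    // Returns "set -> expected" for every property that matches a JSSE key
    // only when case is ignored; JSSE silently ignores such properties.
    static List<String> findMiscasedKeys(Properties props) {
        List<String> hits = new ArrayList<>();
        for (String name : props.stringPropertyNames()) {
            for (String key : JSSE_KEYS) {
                if (name.equalsIgnoreCase(key) && !name.equals(key)) hits.add(name + " -> " + key);
            }
        }
        return hits;
    }

    // Lists aliases of trusted-certificate entries, i.e. the CAs a client
    // using this file will accept. A null password skips the integrity check.
    static List<String> trustedAliases(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        List<String> aliases = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) aliases.add(alias);
        }
        return aliases;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the misspelled key from the thread.
        System.setProperty("javax.net.ssl.truststore", "C:\\temp\\truststore.jks");
        System.out.println("Ignored by JSSE: " + findMiscasedKeys(System.getProperties()));
        if (args.length >= 1) {
            char[] pw = args.length > 1 ? args[1].toCharArray() : null;
            System.out.println("Trusted CAs: " + trustedAliases(args[0], pw));
        }
    }
}
```

Run it with the truststore path (and optionally its password) as arguments to list the CA aliases the client would trust.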