
Re: help SSL on Openldap and java



On Fri, May 28, 2010 at 9:39 AM, s g <sirisha.kmb@gmail.com> wrote:

javax.naming.CommunicationException: simple bind failed: vcheung-181.lab.xxxx.net:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL server]
     at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2658)
     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)

You probably have your certs round the wrong way. The server cert (on the LDAP server) should have the 'SSL Server' usage flag; the client cert (on the LDAP client) should have the 'SSL Client' usage flag.

The usage flags are embedded when you make the csr (certificate request) which will then usually be reflected in the generated certificate, unless your CA overrides them.

Do a "openssl x509 -in <cert file> -noout -text" to compare the two certificates.

Cheers
Brett
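The check Brett describes, carried through end to end as an added example (not code from the thread): two self-signed test certificates are generated that differ only in their Netscape Cert Type extension, each is inspected with "openssl x509 -noout -text", and a small function decides whether a given cert may be presented by an SSL server or client, which is the rule the Java validator applied in the stack trace above. Assumptions: OpenSSL 1.1.1 or later (for `openssl req -addext`); the hostname and subject names are made up, and the certificates are throwaway test data.

```shell
#!/bin/sh
# Added example, not from the original mailing-list reply.
# Assumes OpenSSL >= 1.1.1; the CN below is a made-up test hostname.
set -e
command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 1; }

WORK="${TMPDIR:-/tmp}/nscerttype-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME NSCERTTYPE
# Writes a self-signed throwaway cert $WORK/NAME.pem whose only notable
# extension is nsCertType=NSCERTTYPE ("server" or "client").  Constructed
# test data: a real deployment would put this in the CSR and have the CA sign it.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" \
        -subj "/CN=vcheung-181.lab.example.net" \
        -addext "nsCertType=$2" >/dev/null 2>&1
}

# ns_cert_type FILE
# Prints the value of the Netscape Cert Type extension as shown by
# "openssl x509 -text" (e.g. "SSL Server", or "SSL Client, S/MIME"),
# or nothing when the extension is absent.
ns_cert_type() {
    openssl x509 -in "$1" -noout -text \
        | awk '/Netscape Cert Type:/ { getline; print; exit }' \
        | sed 's/^ *//; s/ *$//'
}

# check_role FILE ROLE   (ROLE is "server" or "client")
# Returns 0 if FILE may be used in that role, 1 if the extension is present
# but lacks the matching bit.  A missing extension does not restrict use,
# which matches how the Java validator treats it.
check_role() {
    want="SSL Server"
    [ "$2" = "client" ] && want="SSL Client"
    types=$(ns_cert_type "$1")
    if [ -z "$types" ]; then
        echo "$1: no Netscape Cert Type extension (not restricted)"
        return 0
    fi
    case "$types" in
        *"$want"*) echo "$1: '$types' permits use as SSL $2"; return 0 ;;
        *)         echo "$1: '$types' does NOT permit use as SSL $2"; return 1 ;;
    esac
}

make_cert server server
make_cert client client

# The right way round: the server cert is allowed to act as an SSL server.
check_role "$WORK/server.pem" server
# The mix-up from the thread: a client-typed cert installed on the LDAP server.
check_role "$WORK/client.pem" server || echo "-> this is what JNDI reports as 'Netscape cert type does not permit use for SSL server'"
```

The same "openssl x509 -noout -text" output also lists "X509v3 Extended Key Usage" and "X509v3 Key Usage"; the Java validator checks those too (it wants serverAuth on a server cert when EKU is present), so compare all three blocks between the server and client certificates, not only the Netscape line.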