
Re: JNDI and OpenLDAP ssl



Note this isn't strictly an OpenLDAP question, but I'll answer it.  You've
proven that OpenLDAP SSL is working fine with ldapsearch, so this is
really a java/JNDI configuration question.

Is it a standalone app, or does it run inside an app server like Tomcat?
Both use different keystores.  You can verify that the right CA cert was
imported by doing

java -Djavax.net.ssl.trustStore=<full-path-to-keystore> yourAppName

If that works but java without the -D fails, you're not pointing to the
right keystore.  Ask on the JNDI list, if there is one.

Craig

On Fri, 6 Feb 2004, Gagnesh Kumar wrote:

> Hi All,
> 	I am trying to set up a Java application that connects to an OpenLDAP
> server using an SSL connection. I have been able to set up the server
> correctly and I can connect to it through ldapsearch -h "ldaps://" and also
> through ldapbrowser.
> I have also managed to connect from the application to server through a
> non-SSL connection. But when I try to connect through SSL everything seems to
> fail. I have set the server CA certificate in the keystore of JRE.
> I am getting the following Exception:
> Problem getting attribute: javax.naming.CommunicationException: simple bind failed: sl2:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Couldn't find trusted certificate]
>
> Can someone please point out what needs to be configured?
> Thanks and regards,
> Gagnesh
>