Re: Using "keytool" to create security certificates for OpenLDAP



Safdar Kureishy wrote:
> As a follow-up, I had a question about JLDAP - not sure if that is
> considered off-topic on this newsgroup ...

As I understand, this list also covers JLDAP since it is OpenLDAP software.

> I'm using JLDAP to connect to OpenLDAP, but since Sun's SSL
> security provider doesn't recognize PEM format files (only JKS files),
> I was wondering if JLDAP has a security Provider implementation that
> would know how to parse PEM files/certificates sent by OpenLDAP to the
> client for authentication.

I use .pem files with OpenLDAP and JLDAP (the LDAPJSSESecureSocketFactory), and it all works fine. I self-sign my certs, and the Java keystore accepts my local CA and creates encrypted connections without complaint from command line clients or a Tomcat container. It's not clear to me if you're doing something more involved, so I can't say what's holding you up, but that's my testimony FWIW.


Jon Roberts
www.mentata.com