[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using "keytool" to create security certificates for OpenLDAP

Safdar Kureishy wrote:
As a follow-up, I had a question about JLDAP - not sure if that is
considered off-topic on this newsgroup ...

As I understand, this list also covers JLDAP since it is OpenLDAP software.

I'm using JLDAP to connect to OpenLDAP, but since the Sun's SSL
security provider doesn't recognize PEM format files (only JKS files),
I was wondering if JLDAP has a security Provider implementation that
would know how to parse PEM files/certificates sent by OpenLDAP to the
client for authentication.

I use .pem files with OpenLDAP and JLDAP (the LDAPJSSESecureSocketFactory), and it all works fine. I self-sign my certs, and the Java keystore accepts my local CA and creates encrypted connections without complaint from command line clients or a Tomcat container. It's not clear to me if you're doing something more involved, so I can't say what's holding you up, but that's my testimony FWIW.

Jon Roberts