
Re: Using "keytool" to create security certificates for OpenLDAP

Thanks Jon,

You are probably doing just what I want to do. Here's what I'm trying to do:

- Enable SSL on OpenLDAP (and all the certs/keys etc.)
[I've got this done via the installer itself and it works using the
ldapbrowser/editor tool that I downloaded online]

- Create a truststore on the JLDAP (client) side and add the OpenLDAP
server certificate to that truststore. I'm also hoping that this task
can be automated with Ant or as part of an installer given the
location of the certificate file that is to be trusted.
[I'm at a loss as to what tool to use to generate the client-side
truststore and add the server-side certificate to it. Basically I'm
looking for some instructions.]

- Launch JLDAP and connect to the server, and perform server
authentication against this client-side truststore.
[I haven't gotten to this stage as I'm stuck on the 2nd one :)].

Any pointers or instructions would be greatly appreciated.

Thanks a mill,

On Thu, 24 Mar 2005 16:03:36 -0600, Jon Roberts <jon@jonanddeb.net> wrote:
> Safdar Kureishy wrote:
> > As a follow-up, I had a question about JLDAP - not sure if that is
> > considered off-topic on this newsgroup ...
> As I understand, this list also covers JLDAP since it is OpenLDAP software.
> > I'm using JLDAP to connect to OpenLDAP, but since Sun's SSL
> > security provider doesn't recognize PEM format files (only JKS files),
> > I was wondering if JLDAP has a security Provider implementation that
> > would know how to parse PEM files/certificates sent by OpenLDAP to the
> > client for authentication.
> I use .pem files with OpenLDAP and JLDAP (the
> LDAPJSSESecureSocketFactory), and it all works fine. I self-sign my
> certs, and the Java keystore accepts my local CA and creates encrypted
> connections without complaint from command line clients or a Tomcat
> container. It's not clear to me if you're doing something more involved,
> so I can't say what's holding you up, but that's my testimony FWIW.
> Jon Roberts
> www.mentata.com