
Re: Using "keytool" to create security certificates for OpenLDAP

Thanks Jon.

It worked after I made it "javax.net.ssl.trustStore". Thanks a mill.

I'm running into another problem though -- it seems I cannot perform
more than a couple of bind operations against OpenLDAP. After a
certain number of calls to bind(), the thread gets stuck waiting on
some condition, and I have no clue what that condition is. Have you
had this problem? Is there a max number of connections that one can
have active against OpenLDAP server?

This is the code where it hangs:
        if (this.useSSL) {
            LDAPSocketFactory sslSocketFactory = new LDAPJSSESecureSocketFactory(/*new OpenLDAPSSLSocketFactory()*/);
        this.masterConnection = new LDAPConnection();

        try {
            this.masterConnection.connect(host, port);

            //**************** THIS LINE BELOW IS WHERE IT HANGS
this.loginDN, passwd);

        } catch (LDAPException e) {
            throw new InitializationException("could not initialize a connection to the ldap server. If you have a firewall enabled, please make sure to enable passthrough for the openldap server port. Also make sure that your credentials are correct.",


On Mon, 28 Mar 2005 14:41:57 -0600, Jon Roberts <jon@jonanddeb.net> wrote:
> Safdar Kureishy wrote:
> > I tried what you suggested -- adding CA.pem to the client's truststore
> > - but I get the same error - "SSLHandshakeException:
> > sun.security.validator.ValidatorException: No trusted certificate
> > found"
> >
> > I even tried adding the server.pem file to the truststore but that
> > didn't help of course. Is there any other system property that needs
> > to be set apart from:
> >         System.setProperty("javax.net.ssl.truststore",
> > "C:\\temp\\truststore.jks");
> System property keys are case sensitive, so you might want to try
> 'javax.net.ssl.trustStore' instead (note the last S is capitalized).
> Did you try adding the CA.pem to the client JRE's default CA truststore?
> I would recommend getting that working before setting up your own custom
> truststore.
> Jon Roberts
> www.mentata.com
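
The property-name mistake discussed in this thread fails silently: JSSE never reads the misspelled key and falls back to the default truststore. The following startup check is an added example, not code from either poster; the class name JssePropertyCheck and the sample values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class JssePropertyCheck {
    // Standard JSSE system property names; lookups are case-sensitive.
    static final String[] KNOWN = {
        "javax.net.ssl.trustStore",
        "javax.net.ssl.trustStorePassword",
        "javax.net.ssl.trustStoreType",
        "javax.net.ssl.keyStore",
        "javax.net.ssl.keyStorePassword",
        "javax.net.ssl.keyStoreType"
    };

    /** Returns one warning per key that matches a JSSE name only when case is ignored. */
    static List<String> findMiscasedKeys(Properties props) {
        List<String> warnings = new ArrayList<>();
        for (String key : props.stringPropertyNames()) {
            for (String known : KNOWN) {
                if (key.equalsIgnoreCase(known) && !key.equals(known)) {
                    warnings.add("'" + key + "' is ignored by JSSE; use '" + known + "'");
                }
            }
        }
        return warnings;
    }

    public static void main(String[] args) {
        // Constructed sample reproducing the misspelled key from the thread.
        Properties sample = new Properties();
        sample.setProperty("javax.net.ssl.truststore", "C:\\temp\\truststore.jks");
        sample.setProperty("javax.net.ssl.trustStorePassword", "changeit"); // constructed value
        for (String w : findMiscasedKeys(sample)) {
            System.out.println("WARNING: " + w);
        }
        // The same check against the live JVM properties, as it would run at startup.
        for (String w : findMiscasedKeys(System.getProperties())) {
            System.out.println("WARNING: " + w);
        }
    }
}
```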