
Re: Using "keytool" to create security certificates for OpenLDAP



If I execute this without debugging, it hangs at the point I mentioned below.

However, if I debug it, it seems to go through fine, but it fails
after exactly 33 calls to bind() - on the 34th call it throws an
exception:
"SSLHandshakeException: Remote host closed connection during handshake".

Is this a known problem? Is there a setting on the OpenLDAP server for
max number of connections in any period of time?

Thanks,
Safdar


On Mon, 28 Mar 2005 16:54:09 -0800, Safdar Kureishy
<safdar.kureishy@gmail.com> wrote:
> On second thought - I think that was a coincidence. It seems to be
> having the same problem again now. This seems to happen intermittently
> for different calls to bind() - it then hangs. Is this a known problem
> with JLDAP and SSL?
> 
> On Mon, 28 Mar 2005 13:15:47 -0800, Safdar Kureishy
> <safdar.kureishy@gmail.com> wrote:
> > > Ah, never mind. We actually had some network problems in the office!
> > > ;). It all works fine now. Thanks a million Jon.
> >
> > On Mon, 28 Mar 2005 13:06:05 -0800, Safdar Kureishy
> > <safdar.kureishy@gmail.com> wrote:
> > > Thanks Jon.
> > >
> > > It worked after I made it "javax.net.ssl.trustStore". Thanks a mill.
> > >
> > > I'm running into another problem though -- it seems I cannot perform
> > > more than a couple of bind operations against OpenLDAP. After a
> > > certain number of calls to bind(), the thread gets stuck waiting on
> > > some condition, and I have no clue what that condition is. Have you
> > > had this problem? Is there a max number of connections that one can
> > > have active against OpenLDAP server?
> > >
> > > This is the code where it hangs:
> > >         if (this.useSSL) {
> > >             LDAPSocketFactory sslSocketFactory =
> > >                 new LDAPJSSESecureSocketFactory(/*new OpenLDAPSSLSocketFactory()*/);
> > >             LDAPConnection.setSocketFactory(sslSocketFactory);
> > >         }
> > >         this.masterConnection = new LDAPConnection();
> > >
> > >         try {
> > >             this.masterConnection.connect(host, port);
> > >
> > >             //**************** THIS LINE BELOW IS WHERE IT HANGS ******************
> > >             this.masterConnection.bind(LDAPConnection.LDAP_V3, this.loginDN, passwd);
> > >
> > >         } catch (LDAPException e) {
> > >             throw new InitializationException("could not initialize a "
> > >                     + "connection to the ldap server. If you have a firewall enabled, please "
> > >                     + "make sure to enable passthrough for the openldap server port. Also "
> > >                     + "make sure that your credentials are correct.", e);
> > >         }
> > >
> > > Thanks,
> > > Safdar
> > >
> > >
> > > On Mon, 28 Mar 2005 14:41:57 -0600, Jon Roberts <jon@jonanddeb.net> wrote:
> > > > Safdar Kureishy wrote:
> > > > > I tried what you suggested -- adding CA.pem to the client's truststore
> > > > > - but I get the same error - "SSLHandshakeException:
> > > > > sun.security.validator.ValidatorException: No trusted certificate
> > > > > found"
> > > > >
> > > > > I even tried adding the server.pem file to the truststore but that
> > > > > didn't help of course. Is there any other system property that needs
> > > > > to be set apart from:
> > > > >         System.setProperty("javax.net.ssl.truststore", "C:\\temp\\truststore.jks");
> > > >
> > > > System property keys are case sensitive, so you might want to try
> > > > 'javax.net.ssl.trustStore' instead (note that the last S is capitalized).
> > > >
> > > > Did you try adding the CA.pem to the client JRE's default CA truststore?
> > > > I would recommend getting that working before setting up your own custom
> > > > truststore.
> > > >
> > > > Jon Roberts
> > > > www.mentata.com
> > > >
> > >
> >
>
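An added example, not code from this thread or from the JLDAP or OpenLDAP projects, covering the two things a practitioner would check from the exchange above: the trust store is loaded explicitly in code (so the case-sensitive javax.net.ssl.trustStore property is not needed at all), and each bind() gets a connection that is disconnected again in finally, so a failed or stalled bind cannot leave a socket open. The class name LdapsBindCheck, the helpers trustStoreSocketFactory and bindOnce, and the host, port, bind DN, password and trust store path are all assumptions; truststore.jks is assumed to already contain CA.pem (for instance imported with `keytool -importcert -trustcacerts -file CA.pem -keystore truststore.jks`). It makes no claim about what caused the hang in the thread; it only gives a clean loop to run against the server.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;

/** Added example (hypothetical class name): explicit trust store plus connect/bind/disconnect cycles with JLDAP. */
public class LdapsBindCheck {

    /**
     * Build an SSLSocketFactory that trusts only the CA certificates in the given JKS
     * trust store. Doing this in code avoids the global javax.net.ssl.trustStore
     * property (whose key is case sensitive) and keeps the setting local to this client.
     */
    static SSLSocketFactory trustStoreSocketFactory(String path, char[] storePass) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ts.load(in, storePass);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // default key managers, default RNG
        return ctx.getSocketFactory();
    }

    /**
     * One connect/bind/disconnect cycle. The socket factory is passed per connection
     * instead of through the static LDAPConnection.setSocketFactory(), and the
     * connection is released in finally so that a failed or stalled bind cannot leak it.
     */
    static void bindOnce(SSLSocketFactory ssl, String host, int port, String bindDn, String password)
            throws LDAPException {
        LDAPConnection conn = new LDAPConnection(new LDAPJSSESecureSocketFactory(ssl));
        try {
            conn.connect(host, port);
            conn.bind(LDAPConnection.LDAP_V3, bindDn, password);
        } finally {
            if (conn.isConnected()) {
                conn.disconnect();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed values; replace with your own. truststore.jks must already contain CA.pem.
        SSLSocketFactory ssl =
            trustStoreSocketFactory("C:\\temp\\truststore.jks", "changeit".toCharArray());
        String host = "ldap.example.com";
        int port = 636;
        String bindDn = "cn=Manager,dc=example,dc=com";
        String password = args.length > 0 ? args[0] : "secret";

        // Repeat well past the count reported in the thread so a per-connection problem would show up.
        for (int i = 1; i <= 50; i++) {
            bindOnce(ssl, host, port, bindDn, password);
            System.out.println("bind #" + i + " ok");
        }
    }
}
```

If the loop completes, repeated binds with properly released connections work against that server; if it stops at some iteration, the failing step (connect versus bind) and the iteration count narrow down where to look next, for example at the server-side connection limits the thread asks about.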