users@glassfish.java.net

Using Glassfish Ldap(s) Auth Realm without certificates

From: <glassfish_at_javadesktop.org>
Date: Fri, 23 Nov 2007 04:58:56 PST

Hello,
I have a problem using the LDAP Authentication Realm in Glassfish.

Without SSL it is working well, but when I set the URL to e.g. ldaps://ADSserver:636
I receive this error message:

<snip>
[#|2007-11-23T13:21:08.794+0100|FINEST|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=16;_ThreadName=httpSSLWorkerThread-9080-0;ClassName=com.sun.enterprise.security.auth.LoginContextDriver;MethodName=doPasswordLogin;_RequestID=290d39cc-be28-4020-8ea4-6bffacb081a2;|doPasswordLogin fails
javax.security.auth.login.LoginException: javax.naming.CommunicationException: simple bind failed: blackbox:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
</snap>

I added my server certificate to the cacerts keystore and, as it did not work, to the keystore.jks too.

Unfortunately I still receive the exception mentioned above.

Is it possible to disable or skip the check of the certificate?

The only thing I found was "imqSSLIsHostTrusted" but I do not know how to use it.
[Message sent by forum member 'fryingpan' (fryingpan)]

http://forums.java.net/jive/thread.jspa?messageID=246923