users@glassfish.java.net

LDAPS certificate configuration

From: <glassfish_at_javadesktop.org>
Date: Fri, 13 Aug 2010 07:20:57 PDT

Hi,

How can I configure the certificate alias to be used for an LDAPS realm in GlassFish?

I am trying to configure an LDAPS authentication realm for one of our clients on GlassFish 2.1.1. We originally configured a simple LDAP realm to authenticate users for the web application via their ActiveDirectory LDAP server. This worked fine, but when we attempted to use LDAPS (by changing the protocol to ldaps in the directory name and changing the port number as required) we have been unable to get users to authenticate properly. I suspect that the problem may be the certificate which is being used not being trusted by the certificate authority. In WAS there is a way to specify the certificate alias to be used for an LDAPS realm, but in GF it is not clear how this can be configured. The only thing I have been able to find on this was a jvm arg which can be used to set the certificate alias to be used for https:
-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=$my_cert_alias$

I tried this in the hope it might also work for ldaps, but I still get the same issue where login is rejected.
[Message sent by forum member 'slossr']

http://forums.java.net/jive/thread.jspa?messageID=480115