My RESTful (Jersey) service needs to connect to the LDAP via one-way SSL.
I verified the trusted keystore was correct by running the same code as a Java application. In this case the SSL connection to the LDAP worked.
(The trusted keystore was in C:\Program Files\Java\jdk1.6.0_21\jre\lib\security.)
However, when the code is run from a web service--or even a servlet--it gets the unknown_ca error.
"INFO: Error: javax.naming.CommunicationException: simple bind failed: someNode.some.node.someplace.gov:636 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca]"
I have verified that the trusted keystore in "C:\glassfishv3\glassfish\domains\domain1\config" is also correct. I even copied the one from the jre/lib/security directory.
I double-checked the JVM options in Glassfish:
-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks
-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks
Since SSL doesn't work from either a servlet or a web service, there must be something else I need to set in Glassfish. I have run out of ideas.
Thanks in advance,
Susan
[Message sent by forum member 'sjazama']
http://forums.java.net/jive/thread.jspa?messageID=483263
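
One way to compare the JSSE settings the standalone JVM and the Glassfish JVM actually end up with, as an added example that is not part of the original post. The class name SslSettingsDump and the method describe() are assumptions; the system properties and the javax.net.ssl calls are standard JSSE.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical helper (name is an assumption): dumps the JSSE settings of the running JVM. */
public class SslSettingsDump {

    // Standard JSSE system properties; trustStore and keyStore are the two set in the
    // Glassfish JVM options quoted in the post. Passwords are deliberately not printed.
    private static final String[] PROPS = {
        "javax.net.ssl.trustStore", "javax.net.ssl.trustStoreType",
        "javax.net.ssl.keyStore", "javax.net.ssl.keyStoreType"
    };

    public static String describe() throws Exception {
        StringBuilder out = new StringBuilder();
        for (String p : PROPS) {
            out.append(p).append(" = ").append(System.getProperty(p)).append('\n');
        }
        // Initialising with a null KeyStore makes JSSE load its default trust store,
        // honouring javax.net.ssl.trustStore when that property is set.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] issuers = ((X509TrustManager) tm).getAcceptedIssuers();
                out.append("trusted CA certificates: ").append(issuers.length).append('\n');
                for (X509Certificate c : issuers) {
                    out.append("  ").append(c.getSubjectX500Principal().getName()).append('\n');
                }
            }
        }
        return out.toString();
    }

    // Stand-alone run; inside the container, call describe() from the servlet and log it.
    public static void main(String[] args) throws Exception {
        System.out.print(describe());
    }
}
```

Running main() as a plain Java application and logging describe() from the servlet gives two listings to diff: any line that differs is a setting the container changes relative to the standalone run.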