users@glassfish.java.net

Re: Simple LDAP connection over SSL (LDAPS) fails in glassfish

From: Bernhard Thalmayr <bernhard.thalmayr_at_painstakingminds.com>
Date: Tue, 29 Nov 2011 20:56:31 +0100

You may turn on JCE debugging as described here
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html

-Djavax.net.debug=SSL,handshake,trustmanager

should be sufficient to tell you why the handshake is failing

HTH,
Bernhard



On Tue, Nov 29, 2011 at 8:06 PM, <forums_at_java.net> wrote:

> Hi,
>
> I created a simple servlet which tried to connect to LDAP over SSL.
> I imported the certificate into the truststore (which is defined by
> -Djavax.net.ssl.trustStore in domain.xml).
> I get the following error:
> <code>
> handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
> anonymous bind failed
> <code>
> When I take the same code and run it outside glassfish it works (works on
> tomcat, also works with no app server, just simple java code, and the
> certificate is imported to jre/lib/security/cacerts).
> The code is basically this:
> <code>
> Hashtable env = new Hashtable();
> env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
> String url = "LDAPS://" + server + ":" + port;
> env.put(Context.PROVIDER_URL, url);
> env.put(Context.SECURITY_AUTHENTICATION, "none");
> DirContext ctx = new InitialDirContext(env);
> <code>
>
>
>
> I spent 4 days on it and it's very frustrating.
> Any help will be appreciated...
> Thanks in advance.
>
>
> --
>
> [Message sent by forum member 'Karo']
>
> View Post: http://forums.java.net/node/869155
>
>
>


-- 
IT-Consulting Bernhard Thalmayr
- Painstaking Minds -
83620 Vagen (Munich area)
Germany
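
Added example, not part of the original thread: a small check that lists which trust anchors the JVM's default JSSE trust manager actually loaded, so the GlassFish run (truststore set by -Djavax.net.ssl.trustStore in domain.xml) can be compared with the standalone run (jre/lib/security/cacerts). The class name `TrustAnchorCheck`, its method names and the subject `CN=Example LDAP CA` are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustAnchorCheck {

    /** Returns the trust anchors accepted by the JVM-default JSSE trust manager. */
    static X509Certificate[] defaultTrustAnchors() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore makes JSSE resolve the store itself: javax.net.ssl.trustStore
        // if set, otherwise lib/security/jssecacerts, then lib/security/cacerts.
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    /** True if any anchor's subject DN contains the fragment (case-insensitive). */
    static boolean hasAnchor(X509Certificate[] anchors, String dnFragment) {
        String needle = dnFragment.toLowerCase();
        for (X509Certificate c : anchors) {
            if (c.getSubjectX500Principal().getName().toLowerCase().contains(needle)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value; pass the subject of the imported LDAP CA instead.
        String expected = args.length > 0 ? args[0] : "CN=Example LDAP CA";
        // trustStore decides which server certificates this JVM accepts; keyStore,
        // if set, supplies the client certificate JSSE offers when a server asks.
        for (String p : new String[] {"javax.net.ssl.trustStore", "javax.net.ssl.keyStore"}) {
            System.out.println(p + " = " + System.getProperty(p, "(not set)"));
        }
        X509Certificate[] anchors = defaultTrustAnchors();
        System.out.println(anchors.length + " trust anchors loaded");
        System.out.println("'" + expected + "' trusted: " + hasAnchor(anchors, expected));
    }
}
```

Calling `defaultTrustAnchors()` from inside the servlet shows the container JVM's view; running `main` from the command line shows the standalone JVM's view.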