users@glassfish.java.net

Re: SSL Client Certificate Error with v3 but not v2 using LDAPS

From: Quang Dang <quang.dang_at_oracle.com>
Date: Thu, 27 Sep 2012 10:10:04 -0400

Hi,

How does your application obtain the SSL socket/connection? Have you
tried setting the system property -Djavax.net.debug=ssl on the client
side to get more debug output?
Quang



On 9/27/12 1:22 AM, Kevin Schmidt wrote:
> Hi,
>
> I have an application running in GlassFish that makes a connection to
> an LDAP server using SSL and it works fine in GlassFish v2, but in v3
> the SSL handshake fails with the LDAP server reporting this error:
>
> [25/Sep/2012:20:16:09 -0400] conn=8346156 op=-1 msgId=-1 - fd=69
> slot=69 LDAPS connection from 10.171.11.11:47721 to 10.178.23.133
> [25/Sep/2012:20:16:09 -0400] conn=8346156 op=-1 msgId=-1 - SSL
> error-8156 (Issuer certificate is invalid.); unauthenticated client
> CN=sigma,OU=GlassFish,O=Oracle Corporation,L=Santa
> Clara,ST=California,C=US; issuer CN=sigma,OU=GlassFish,O=Oracle
> Corporation,L=Santa Clara,ST=California,C=US
>
> The LDAP server is not configured to require client certificate
> authentication, so I'm confused as to why a client certificate is
> being sent? My understanding of the handshake is that it would only
> be sent if the server requests it which it isn't doing.
>
> Did something change between v2 and v3 in how the SSL handshake is
> done for clients running in GlassFish and connecting to a resource
> using SSL? Is there certain configuration that I need to check or
> verify in v3 that may have defaulted to what works in v2 but not v3?
>
> Thanks,
>
> Kevin
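Added example, not code from either message in the thread. It is one way to answer Quang's question ("how does your application obtain the SSL socket?") empirically: open a TLS connection to the LDAPS port twice, once with whatever `SSLContext.getDefault()` returns in the running JVM and once with a context built with no KeyManager at all, then read `SSLSession.getLocalCertificates()` after the handshake to see whether a client certificate was actually presented. Host, port, trust-store path and password are command-line placeholders; nothing here is specific to the sigma certificate or the servers in the log lines.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example (not from the mailing-list thread). Completes a TLS handshake
 * against an LDAPS port and reports whether the client side sent a certificate.
 * Host, port and trust-store path are placeholders taken from the command line.
 */
public class LdapsClientCertCheck {

    /**
     * An SSLContext that verifies the server against the given trust store but
     * owns no client key. With KeyManager[] == null the JSSE client has nothing
     * to offer if the server sends a CertificateRequest, so no client certificate
     * goes on the wire regardless of what javax.net.ssl.keyStore or the
     * container's default context may hold.
     */
    public static SSLContext trustOnlyContext(String trustStorePath, char[] password)
            throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(trustStorePath)) {
            trust.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no KeyManager on purpose
        return ctx;
    }

    /**
     * Handshake with host:port using ctx and return true if the local side sent a
     * certificate chain. SSLSession.getLocalCertificates() is null when no client
     * certificate was presented during the handshake.
     */
    public static boolean clientCertPresented(SSLContext ctx, String host, int port)
            throws Exception {
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            sock.startHandshake();
            SSLSession session = sock.getSession();
            System.out.println("negotiated " + session.getProtocol()
                    + " " + session.getCipherSuite());
            System.out.println("server principal: " + session.getPeerPrincipal());
            Certificate[] local = session.getLocalCertificates();
            return local != null && local.length > 0;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println(
                    "usage: LdapsClientCertCheck <ldap-host> <port> <truststore> <password>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        char[] password = args[3].toCharArray();

        // 1. Whatever context the JVM (or the container it runs in) hands out by default.
        SSLContext dflt = SSLContext.getDefault();
        System.out.println("default context sent client cert: "
                + clientCertPresented(dflt, host, port));

        // 2. A context built here with a trust store only.
        SSLContext trustOnly = trustOnlyContext(args[2], password);
        System.out.println("trust-only context sent client cert: "
                + clientCertPresented(trustOnly, host, port));
    }
}
```

Run it with `-Djavax.net.debug=ssl`, as suggested in the reply, and the JSSE trace shows whether the server's handshake includes a CertificateRequest at all. A server that does not *require* client authentication may still be configured to *request* it; in that case the client sends a certificate only if its KeyManager holds one, which is why the two runs above differ when the default context was initialised from a keystore. If the default context already reports `false`, the application is obtaining its socket some other way (a custom `SSLSocketFactory`, JNDI's `java.naming.ldap.factory.socket`, or a container-managed context), and that is the place to look next.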