Re: [virgo-dev] LDAP over SSL and keystore

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [virgo-dev] LDAP over SSL and keystore

From: "Fetyko, Jan" <Jan.Fetyko@xxxxxxxxxxxx>
Date: Tue, 12 Apr 2011 16:06:40 -0500
Accept-language: en-US
Acceptlanguage: en-US
Delivered-to: virgo-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/virgo-dev>
List-help: <mailto:virgo-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/virgo-dev>, <mailto:virgo-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/virgo-dev>, <mailto:virgo-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: Acv1E1ECe0As6ZEdQL29iDYvyY3IfgEQeaTg
Thread-topic: [virgo-dev] LDAP over SSL and keystore

Hristo,

I have tried this, but still no luck. I get the same error, which is:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I will keep digging, but I hope somebody has more hints.

Thank you.

Jan

From: Hristo Iliev [mailto:hsiliev@xxxxxxxxx]
Sent: Thursday, April 07, 2011 6:02 AM
To: Virgo Project
Cc: Fetyko, Jan
Subject: Re: [virgo-dev] LDAP over SSL and keystore

Hi,

The property javax.net.ssl.trustStore is specified in Virgo's startup scripts. To change the location you can use the -truststore parameter.

I'm not sure if changes to the system property done after first use of SSL will have any effect. Probably the Java classes handling the trust store are already initialized and no check for a changed value is made when they are used.

Regards,
Hristo Iliev

On 7 April 2011 06:39, Fetyko, Jan <Jan.Fetyko@xxxxxxxxxxxx> wrote:

Hello,

I’m turning to the mailing list with a problem we have with one of our bundles. It is an authentication bundle that validates users against ldap. The code uses a separate keystore where the LDAP’s public key is stored. The code works perfectly in junit tests, but unfortunately in virgo 2.1 the keystore is not used for some reason. I could only get it working if I import the LDAP’s public cert into the JRE’s cacerts keystore. I even tried to put the public key into the $VIRGO/config/keystore, still no luck.

Imports:

import com.novell.ldap.LDAPConnection;

import com.novell.ldap.LDAPEntry;

import com.novell.ldap.LDAPException;

import com.novell.ldap.LDAPJSSESecureSocketFactory;

import com.novell.ldap.LDAPSearchResults;

Here is the code:

Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());

System.setProperty("javax.net.ssl.trustStore", “keystore.jks”);

LDAPConnection.setSocketFactory(new LDAPJSSESecureSocketFactory());

ldapConnection = new LDAPConnection();

ldapConnection.connect(host, 636);

ldapConnection.bind(V3, loginDN, password);

Is there anything different in virgo than in say servlet containers that would cause this issue ?

Thank you.

Jan

_______________________________________________
virgo-dev mailing list
virgo-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/virgo-dev

Follow-Ups:
- Re: [virgo-dev] LDAP over SSL and keystore
  - From: Glyn Normington

References:
- [virgo-dev] LDAP over SSL and keystore
  - From: Fetyko, Jan
- Re: [virgo-dev] LDAP over SSL and keystore
  - From: Hristo Iliev

Prev by Date: [virgo-dev] Today's community call is cancelled
Next by Date: [virgo-dev] Snaps and virgo 2.1
Previous by thread: Re: [virgo-dev] LDAP over SSL and keystore
Next by thread: Re: [virgo-dev] LDAP over SSL and keystore
Index(es):
- Date
- Thread

Breadcrumbs