Reputation: 549
I am trying to test an SSL 2-way connection (handshake) between a Java client and an OpenLDAP server.
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Truststore holding the OpenLDAP server certificate
System.setProperty("javax.net.ssl.trustStore","C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");
System.setProperty("javax.net.debug","ssl");
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// Specify SSL (the value documented for the LDAP provider is "ssl"; the ldaps:// URL below also selects it)
env.put(Context.SECURITY_PROTOCOL, "SSLv3");
// Client certificate and key used for the 2-way (mutual) handshake
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStore", "C:\\OpenLDAP\\etc\\certs\\client.p12");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
env.put(Context.PROVIDER_URL, "ldaps://localhost:636");
// Creating the context performs the TLS handshake and the LDAP bind
DirContext ctx = new InitialDirContext(env);
ctx.close();
I installed OpenLDAP with the default parameters and exported server.pem into the truststore above. From the logs I can see that the handshake fails after ServerHello is done, which I guess is the problem of trying to get the client certificate. What can be wrong with the configuration I did?
Upvotes: 0
Views: 401
Reputation: 643
You need to add the server certificate to Java's keystore, because I'm assuming it's self-signed.
You can get the certificate using
openssl s_client -connect [hostname]:[port e.g. 443] < /dev/null > /tmp/lb.cert
Then add the certificate to your keystore
keytool -importcert -keystore [keystore location, varies, but can be e.g. /etc/pki/java/cacerts] -storepass changeit -file /tmp/lb.cert -alias newSelfSignedKey -noprompt
Upvotes: 1
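To see where a mutual-TLS handshake against the LDAPS port actually breaks once the server certificate has been imported, the following added example (not code from either post) performs the same handshake outside JNDI with the question's keystore and truststore, then reports the negotiated protocol, the server chain that the truststore accepted, and whether a client certificate was actually sent. Host, port, file paths and passwords are those given in the question; the class name is an assumption.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class LdapsHandshakeCheck {
    // Values taken from the question (hypothetical class name); adjust to your setup
    static final String TRUSTSTORE = "C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\cacerts";
    static final String TRUSTSTORE_PASS = "changeit";
    static final String KEYSTORE = "C:\\OpenLDAP\\etc\\certs\\client.p12";
    static final String KEYSTORE_PASS = "password";

    static KeyStore load(String type, String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = load("JKS", TRUSTSTORE, TRUSTSTORE_PASS);   // JRE cacerts is a JKS file
        KeyStore ks = load("PKCS12", KEYSTORE, KEYSTORE_PASS);
        // Without a private-key entry the client has nothing to answer a CertificateRequest with
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            hasKey |= ks.isKeyEntry(alias);
        }
        System.out.println("client keystore has private key entry: " + hasKey);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, KEYSTORE_PASS.toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", 636)) {
            s.startHandshake();   // throws if the server chain is untrusted or the server rejects the client
            SSLSession sess = s.getSession();
            System.out.println("negotiated protocol: " + sess.getProtocol());
            for (Certificate c : sess.getPeerCertificates()) {
                System.out.println("server cert: " + ((X509Certificate) c).getSubjectX500Principal());
            }
            // null here means no client certificate was presented, i.e. the 2-way part did not happen
            System.out.println("client cert sent: " + (sess.getLocalCertificates() != null));
        }
    }
}
```

If the handshake succeeds here but "client cert sent" is false, the server's CertificateRequest did not match an issuer in client.p12; if it throws before that, the failure is on the server-certificate side covered by the answer.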