directory-api mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Karim Hosny <karim.ho...@its.ws>
Subject	Problem using TLS or SSL to establish a secure binding
Date	Tue, 24 Mar 2015 10:21:09 GMT
Hi, I have a problem trying to create a TLS negotiation or an SSL binding with my Active Directory server running on windows 2008, although it works fine with JNDI api but the apache directory is more feasible for my case since it will include Kerberos authentication. I use the certificate for the account I use to login with as a PKCS12 certificate, and I have the CA from the server added to the cacerts file but I get failed to initialize SSL context exception, the exception is at the end of the email. My code: LdapConnectionConfig config = new LdapConnectionConfig(); config.setLdapHost(SERVER); config.setLdapPort(389); KeyStore keystore = KeyStore.getInstance("JKS"); keystore.load(new FileInputStream("C:\\bea\\jrockit_160_05\\jre\\lib\\security\\certificate.jks"), "P@ssw0rd".toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(keystore); config.setTrustManagers(tmf.getTrustManagers()); config.setName("CN=testUser,CN=Users,DC=bmrk,DC=com"); config.setCredentials("P@ssw0rd"); LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection(config); ldapNetworkConnection.startTls();//the exception is thrown here ldapNetworkConnection.bind(); Exception: Exception in thread "Main Thread" org.apache.directory.api.ldap.model.exception.LdapException: Failed to initialize the SSL context at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3839) at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3788) at LDAPConTest.testLoginToLDAPDOMAIN(LDAPConTest.java:102) at LDAPConTest.main(LDAPConTest.java:57) Caused by: org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000001: nio socket, client, /10.90.92.20:39519 => BMRKDC02.bmrk.com/10.90.92.3:389) at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383) at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184) at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3832) ... 3 more Caused by: java.lang.IllegalArgumentException: TLSv1.1 at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133) at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:1736) at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176) at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426) at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381) ... 5 more Any ideas where the issue may come from? Thanks, Karim
Mime	Unnamed multipart/alternative (inline, None, 0 bytes) Unnamed text/plain (inline, Quoted Printable, 2980 bytes)
	View raw message