Hi,
I have a problem trying to create a TLS negotiation or an SSL binding with my Active Directory
server running on Windows 2008. It works fine with the JNDI API, but the Apache Directory
is more feasible for my case since it will include Kerberos authentication.
I use the certificate for the account I log in with as a PKCS12 certificate, and I have
the CA from the server added to the cacerts file, but I get a "Failed to initialize the SSL context"
exception. The exception is at the end of the email.
My code:
LdapConnectionConfig config = new LdapConnectionConfig();
config.setLdapHost(SERVER);
config.setLdapPort(389);
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream("C:\\bea\\jrockit_160_05\\jre\\lib\\security\\certificate.jks"),
"P@ssw0rd".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keystore);
config.setTrustManagers(tmf.getTrustManagers());
config.setName("CN=testUser,CN=Users,DC=bmrk,DC=com");
config.setCredentials("P@ssw0rd");
LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection(config);
ldapNetworkConnection.startTls();//the exception is thrown here
ldapNetworkConnection.bind();
Exception:
Exception in thread "Main Thread" org.apache.directory.api.ldap.model.exception.LdapException: Failed to initialize the SSL context
at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3839)
at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3788)
at LDAPConTest.testLoginToLDAPDOMAIN(LDAPConTest.java:102)
at LDAPConTest.main(LDAPConTest.java:57)
Caused by: org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000001: nio socket, client, /10.90.92.20:39519 => BMRKDC02.bmrk.com/10.90.92.3:389)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3832)
... 3 more
Caused by: java.lang.IllegalArgumentException: TLSv1.1
at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)
at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:1736)
at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
... 5 more
Any ideas where the issue may come from?
Thanks,
Karim
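The innermost cause in the trace above is IllegalArgumentException: TLSv1.1, raised from SSLEngineImpl.setEnabledProtocols, which is what JSSE throws when asked to enable a protocol name the running JVM does not support. The diagnostic below is an added example, not part of the original post or of Apache Directory code; the class name TlsProtocolCheck and the requested protocol list are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added diagnostic (hypothetical class name): reports which TLS protocol
// names this JVM's JSSE provider accepts, and filters a requested list so
// that SSLEngine.setEnabledProtocols() cannot throw IllegalArgumentException.
public class TlsProtocolCheck {

    // Assumed request list; "TLSv1.1" is the name rejected in the trace.
    static final String[] REQUESTED = { "TLSv1.2", "TLSv1.1", "TLSv1" };

    // Keep only the requested names the engine reports as supported,
    // preserving the caller's order of preference.
    static String[] usable(SSLEngine engine, String[] requested) {
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        List<String> keep = new ArrayList<String>();
        for (int i = 0; i < requested.length; i++) {
            if (supported.contains(requested[i])) {
                keep.add(requested[i]);
            }
        }
        return keep.toArray(new String[keep.size()]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);            // default key and trust managers
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);

        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("supported    = "
                + Arrays.toString(engine.getSupportedProtocols()));

        String[] safe = usable(engine, REQUESTED);
        if (safe.length == 0) {
            throw new IllegalStateException(
                    "no requested TLS protocol is supported by this JVM");
        }
        engine.setEnabledProtocols(safe);      // every name was checked above
        System.out.println("enabled      = "
                + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Run it with the same JVM that runs the LDAP client. If the filtered list contains only TLSv1, the engine will initialize but the session is limited to TLS 1.0, so moving to a JVM that supports newer versions is the stronger fix.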