directory-api mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Kiran Ayyagari <kayyag...@apache.org>
Subject	Re: Problem using TLS or SSL to establish a secure binding
Date	Tue, 24 Mar 2015 12:27:04 GMT
On Tue, Mar 24, 2015 at 6:21 PM, Karim Hosny <karim.hosny@its.ws> wrote: > Hi, > > I have a problem trying to create a TLS negotiation or an SSL binding with > my Active Directory server running on windows 2008, although it works fine > with JNDI api but the apache directory is more feasible for my case since > it will include Kerberos authentication. > > I use the certificate for the account I use to login with as a PKCS12 > certificate, and I have the CA from the server added to the cacerts file > but I get failed to initialize SSL context exception, the exception is at > the end of the email. > > My code: > > LdapConnectionConfig config = new LdapConnectionConfig(); > config.setLdapHost(SERVER); > config.setLdapPort(389); > KeyStore keystore = KeyStore.getInstance("JKS"); > keystore.load(new > FileInputStream("C:\\bea\\jrockit_160_05\\jre\\lib\\security\\certificate.jks"), > "P@ssw0rd".toCharArray()); > TrustManagerFactory tmf = > TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); > tmf.init(keystore); > config.setTrustManagers(tmf.getTrustManagers()); > config.setName("CN=testUser,CN=Users,DC=bmrk,DC=com"); > config.setCredentials("P@ssw0rd"); > LdapNetworkConnection ldapNetworkConnection = new > LdapNetworkConnection(config); > ldapNetworkConnection.startTls();//the exception is thrown here > ldapNetworkConnection.bind(); > > Exception: > Exception in thread "Main Thread" > org.apache.directory.api.ldap.model.exception.LdapException: Failed to > initialize the SSL context > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3839) > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3788) > at LDAPConTest.testLoginToLDAPDOMAIN(LDAPConTest.java:102) > at LDAPConTest.main(LDAPConTest.java:57) > Caused by: org.apache.mina.core.filterchain.IoFilterLifeCycleException: > onPreAdd(): sslFilter:SslFilter in (0x00000001: nio socket, client, / > 10.90.92.20:39519 => BMRKDC02.bmrk.com/10.90.92.3:389) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184) > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3832) > ... 3 more > Caused by: java.lang.IllegalArgumentException: TLSv1.1 > you must be using java version <= 1.6, TLSv1.1 is available from version 1.7 and higher so use java version >= 1.7 > at > com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133) > at > com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38) > at > com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:1736) > at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176) > at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426) > at > org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381) > ... 5 more > > > Any ideas where the issue may come from? > > Thanks, > > Karim > -- Kiran Ayyagari http://keydap.com
Mime	Unnamed multipart/alternative (inline, None, 0 bytes) Unnamed text/plain (inline, None, 3288 bytes)
	View raw message