On Tue, Mar 24, 2015 at 6:21 PM, Karim Hosny <karim.hosny@its.ws> wrote:
> Hi,
>
> I have a problem trying to create a TLS negotiation or an SSL binding with
> my Active Directory server running on Windows 2008. It works fine
> with the JNDI API, but Apache Directory is more feasible for my case since
> it will include Kerberos authentication.
>
> I use the certificate for the account I use to log in with as a PKCS12
> certificate, and I have the CA from the server added to the cacerts file,
> but I get a "failed to initialize SSL context" exception; the exception is at
> the end of the email.
>
> My code:
>
> LdapConnectionConfig config = new LdapConnectionConfig();
> config.setLdapHost(SERVER);
> config.setLdapPort(389);
> KeyStore keystore = KeyStore.getInstance("JKS");
> keystore.load(
>     new FileInputStream("C:\\bea\\jrockit_160_05\\jre\\lib\\security\\certificate.jks"),
>     "P@ssw0rd".toCharArray());
> TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> tmf.init(keystore);
> config.setTrustManagers(tmf.getTrustManagers());
> config.setName("CN=testUser,CN=Users,DC=bmrk,DC=com");
> config.setCredentials("P@ssw0rd");
> LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection(config);
> ldapNetworkConnection.startTls(); // the exception is thrown here
> ldapNetworkConnection.bind();
>
> Exception:
> Exception in thread "Main Thread" org.apache.directory.api.ldap.model.exception.LdapException: Failed to initialize the SSL context
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3839)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3788)
>     at LDAPConTest.testLoginToLDAPDOMAIN(LDAPConTest.java:102)
>     at LDAPConTest.main(LDAPConTest.java:57)
> Caused by: org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000001: nio socket, client, /10.90.92.20:39519 => BMRKDC02.bmrk.com/10.90.92.3:389)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3832)
>     ... 3 more
> Caused by: java.lang.IllegalArgumentException: TLSv1.1
>
You must be using Java version <= 1.6; TLSv1.1 is available from version
1.7 and higher, so use Java version >= 1.7.
>     at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)
>     at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
>     at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:1736)
>     at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
>     at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
>     ... 5 more
>
>
> Any ideas where the issue may come from?
>
> Thanks,
>
> Karim
>
--
Kiran Ayyagari
http://keydap.com