directory-api mailing list archives

From Karim Hosny <karim.ho...@its.ws>
Subject Problem using TLS or SSL to establish a secure binding
Date Tue, 24 Mar 2015 10:21:09 GMT
Hi,

I have a problem trying to create a TLS negotiation or an SSL binding with my Active Directory
server running on Windows 2008. It works fine with the JNDI API, but Apache Directory
is more feasible for my case since it will include Kerberos authentication.

I use the certificate for the account I log in with as a PKCS12 certificate, and I have
the CA from the server added to the cacerts file, but I get a "Failed to initialize the SSL context"
exception. The exception is at the end of the email.

My code:

LdapConnectionConfig config = new LdapConnectionConfig();
config.setLdapHost(SERVER);
config.setLdapPort(389);
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream("C:\\bea\\jrockit_160_05\\jre\\lib\\security\\certificate.jks"), "P@ssw0rd".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keystore);
config.setTrustManagers(tmf.getTrustManagers());
config.setName("CN=testUser,CN=Users,DC=bmrk,DC=com");
config.setCredentials("P@ssw0rd");
LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection(config);
ldapNetworkConnection.startTls(); // the exception is thrown here
ldapNetworkConnection.bind();

Exception:
Exception in thread "Main Thread" org.apache.directory.api.ldap.model.exception.LdapException: Failed to initialize the SSL context
      at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3839)
      at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3788)
      at LDAPConTest.testLoginToLDAPDOMAIN(LDAPConTest.java:102)
      at LDAPConTest.main(LDAPConTest.java:57)
Caused by: org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000001: nio socket, client, /10.90.92.20:39519 => BMRKDC02.bmrk.com/10.90.92.3:389)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
      at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3832)
      ... 3 more
Caused by: java.lang.IllegalArgumentException: TLSv1.1
      at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)
      at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
      at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:1736)
      at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
      at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
      ... 5 more


Any ideas where the issue may come from?

Thanks,

Karim
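
An added example, not part of the original message and not Apache Directory API code: the innermost cause in the trace is `SSLEngine.setEnabledProtocols` rejecting the name `TLSv1.1`, which happens when a requested protocol is not in the engine's supported set. This JDK-only check prints what the running JVM supports and enables only the intersection; the class name, the `WANTED` list and the `TLSv9.9` probe value are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class TlsProtocolCheck {
    // Protocol names the client would like to offer, newest first (assumed list).
    // SSLv3 is deliberately absent so the check can never fall back to it.
    static final String[] WANTED = {"TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1"};

    /** Returns the wanted names that this engine reports as supported, in wanted order. */
    static String[] usable(SSLEngine engine, String[] wanted) {
        Set<String> supported =
                new LinkedHashSet<>(Arrays.asList(engine.getSupportedProtocols()));
        List<String> ok = new ArrayList<>();
        for (String p : wanted) {
            if (supported.contains(p)) {
                ok.add(p);
            }
        }
        return ok.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("supported    = " + Arrays.toString(engine.getSupportedProtocols()));

        // Same failure mode as in the trace: a name the engine does not know
        // is rejected with IllegalArgumentException ("TLSv9.9" is a constructed value).
        try {
            engine.setEnabledProtocols(new String[] {"TLSv9.9"});
        } catch (IllegalArgumentException e) {
            System.out.println("rejected     = " + e.getMessage());
        }

        // Enable only what the JVM supports; fail closed if nothing is left.
        String[] enabled = usable(engine, WANTED);
        if (enabled.length == 0) {
            throw new IllegalStateException("no acceptable TLS version on this JVM");
        }
        engine.setEnabledProtocols(enabled);
        System.out.println("enabled      = " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Running it on the same JVM as the failing client shows whether `TLSv1.1` appears in the `supported` line.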
