directory-api mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Problem using TLS or SSL to establish a secure binding
Date Tue, 24 Mar 2015 12:27:04 GMT
On Tue, Mar 24, 2015 at 6:21 PM, Karim Hosny <karim.hosny@its.ws> wrote:

> Hi,
>
> I have a problem trying to create a TLS negotiation or an SSL binding with
> my Active Directory server running on Windows 2008. It works fine
> with the JNDI API, but the Apache Directory API is more feasible for my case since
> it will include Kerberos authentication.
>
> I use the certificate for the account I use to log in with as a PKCS12
> certificate, and I have the CA from the server added to the cacerts file,
> but I get a "failed to initialize SSL context" exception. The exception is at
> the end of the email.
>
> My code:
>
> LdapConnectionConfig config = new LdapConnectionConfig();
> config.setLdapHost(SERVER);
> config.setLdapPort(389);
> KeyStore keystore = KeyStore.getInstance("JKS");
> keystore.load(new FileInputStream("C:\\bea\\jrockit_160_05\\jre\\lib\\security\\certificate.jks"), "P@ssw0rd".toCharArray());
> TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> tmf.init(keystore);
> config.setTrustManagers(tmf.getTrustManagers());
> config.setName("CN=testUser,CN=Users,DC=bmrk,DC=com");
> config.setCredentials("P@ssw0rd");
> LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection(config);
> ldapNetworkConnection.startTls(); // the exception is thrown here
> ldapNetworkConnection.bind();
>
> Exception:
> Exception in thread "Main Thread" org.apache.directory.api.ldap.model.exception.LdapException: Failed to initialize the SSL context
>       at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3839)
>       at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3788)
>       at LDAPConTest.testLoginToLDAPDOMAIN(LDAPConTest.java:102)
>       at LDAPConTest.main(LDAPConTest.java:57)
> Caused by: org.apache.mina.core.filterchain.IoFilterLifeCycleException: onPreAdd(): sslFilter:SslFilter in (0x00000001: nio socket, client, /10.90.92.20:39519 => BMRKDC02.bmrk.com/10.90.92.3:389)
>       at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:383)
>       at org.apache.mina.core.filterchain.DefaultIoFilterChain.addFirst(DefaultIoFilterChain.java:184)
>       at org.apache.directory.ldap.client.api.LdapNetworkConnection.addSslFilter(LdapNetworkConnection.java:3832)
>       ... 3 more
> Caused by: java.lang.IllegalArgumentException: TLSv1.1
>
You must be using Java version <= 1.6. TLSv1.1 is available from version
1.7 and higher,
so use Java version >= 1.7.

>       at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)
>       at com.sun.net.ssl.internal.ssl.ProtocolList.<init>(ProtocolList.java:38)
>       at com.sun.net.ssl.internal.ssl.SSLEngineImpl.setEnabledProtocols(SSLEngineImpl.java:1736)
>       at org.apache.mina.filter.ssl.SslHandler.init(SslHandler.java:176)
>       at org.apache.mina.filter.ssl.SslFilter.onPreAdd(SslFilter.java:426)
>       at org.apache.mina.core.filterchain.DefaultIoFilterChain.register(DefaultIoFilterChain.java:381)
>       ... 5 more
>
>
> Any ideas where the issue may come from?
>
> Thanks,
>
> Karim
>



-- 
Kiran Ayyagari
http://keydap.com
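
An added example, not part of the original messages and not code from the Apache Directory API: a JDK-only check that lists the TLS protocol versions the running JRE's `SSLEngine` supports and enables only the requested ones it actually has, which is the condition behind the `IllegalArgumentException: TLSv1.1` raised from `setEnabledProtocols` in the trace above. The class name `TlsProtocolCheck`, the helper `supportedSubset` and the `wanted` list are assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class TlsProtocolCheck {

    // Return the entries of 'wanted' that this JRE's SSLEngine supports,
    // preserving the caller's preference order.
    static String[] supportedSubset(SSLEngine engine, String[] wanted) {
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        List<String> usable = new ArrayList<String>(); // Java 6 compatible syntax
        for (String protocol : wanted) {
            if (supported.contains(protocol)) {
                usable.add(protocol);
            }
        }
        return usable.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed preference list for this example (assumption).
        String[] wanted = { "TLSv1.2", "TLSv1.1" };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        SSLEngine engine = ctx.createSSLEngine();

        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("supported    = "
                + Arrays.toString(engine.getSupportedProtocols()));

        String[] usable = supportedSubset(engine, wanted);
        if (usable.length == 0) {
            // Fail with a clear message instead of an opaque SSL context error.
            throw new IllegalStateException(
                    "This JRE supports none of " + Arrays.toString(wanted));
        }

        // Passing a name the JRE does not know is what throws
        // IllegalArgumentException; the filtered list avoids that.
        engine.setEnabledProtocols(usable);
        System.out.println("enabled      = "
                + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Run on the JRE that hosts the LDAP client: if `supported` does not list the protocol named in the exception, the runtime is too old for the client's default protocol set.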
