directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bob Hehmann (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-1816) Unable to enable SSL to the APACHE DS
Date Tue, 21 May 2013 21:34:21 GMT


Bob Hehmann commented on DIRSERVER-1816:

I received an almost identical message when trying to configure Apache DS (V2.0.0-M12, 32
bit, Java 7.21) for SSL using Directory Studio (V2.0.0 build 798, 64 bit, Java 7.21). underlying
OS is Windows 7, 64 bit. I used the "Browse" function to locate my keystore file, resulting
in a file path\name something like: "C:\ApacheDS\instances...". Attempting to save the configuration
in Studio threw the errors 04447, 04473, ...: all the same details found in the original post.
Playing with it, it looks the the parser is not accepting the Windows backslash "\", only
a Unix style forward slash "/" in the path syntax. Changing to the Unix syntax allowed me
to successfully save (and recover in another Studio session) the path to the keystore file,
and Directory Server properly accessed and utilized the file once this change was made. Note
- I'm upgrading the DS suite for the first time since V1.5, and am frankly disappointed in
how many basic fatal bugs seem to have made it into the DS2.0.0-M12 and Studio2.0.0-M6 releases.
Simple things most anyone would do to configure a remedial server just fail out of the box
(such as attempting to open a DS configuration using Studio.) Very disappointing.
> Unable to enable SSL to the APACHE DS 
> --------------------------------------
>                 Key: DIRSERVER-1816
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Task
>          Components: ldap
>    Affects Versions: 2.0.0-M10
>         Environment: Windows 
>            Reporter: RakeshAcharya
>            Priority: Blocker
>              Labels: security
>   Original Estimate: 24h
>  Remaining Estimate: 24h
> Below are steps taken to enable SSL
> 1. Created a new valid Key pair using Portecle.
> 2. Placed the KeyStore in the conf directory 
> 3. Added the below entry in the conf.ldif file
> ads-ldapServerCertificatePassword
> ads-ldapServerKeystoreFile
> also tried below entries
> keystoreFile ,certificatePassword 
> ads-ldapServerKeystoreFile,ads-ldapServerCertificatePassword
> Facing below error while starting the server
> Error:
> ERR_04447_CANNOT_NORMALIZE_VALUE Cannot normalize the wrapped value ERR_04473_NOT_VALID_VALUE
Not a valid value 'C:\Users\rakeshacharya\.ApacheDirectoryStudio\.metadata\.plugins\\servers\f9ed386b-f8a9-4a79-be12-b5cfabf362be\conf\localhost.jks'
for the AttributeType 'ATTRIBUTE_TYPE (
>  NAME 'ads-keystoreFile'
>  DESC The keystore file to use to store certificates
>  EQUALITY caseExactMatch
>  ORDERING caseExactOrderingMatch
>  SUBSTR caseExactSubstringsMatch
>  USAGE userApplications
> ERR_04269 ATTRIBUTE_TYPE for OID certificatepassword does not exist

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message