directory-users mailing list archives

From Johanes Soetanto <otnat...@gmail.com>
Subject Fail to start ApacheDS with keystore that have multiple entries
Date Wed, 13 Feb 2019 09:11:03 GMT
Hi,

I'm wondering if someone can shed some light on whether it is possible to run
ApacheDS using a Keystore that has multiple entries.

Previously I had it set up using a self-signed certificate, which works fine,
but my colleague gave me an existing Keystore that has the company's wildcard
certificate + chain. I got this error message:

[19:55:06] ERROR [org.apache.directory.server.UberjarMain] - Failed to start the service.
java.security.KeyStoreException: Key store contains more than one entry
    at org.apache.directory.server.ldap.LdapServer.loadKeyStore(LdapServer.java:413)
    at org.apache.directory.server.ldap.LdapServer.start(LdapServer.java:509)
    at org.apache.directory.server.ApacheDsService.startLdap(ApacheDsService.java:423)
    at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:200)
    at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:152)
    at org.apache.directory.server.UberjarMain.start(UberjarMain.java:151)
    at org.apache.directory.server.UberjarMain.main(UberjarMain.java:77)

I thought I could get it working by simply removing the certificate chain,
but apparently that doesn't work either:

[19:58:28] ERROR [org.apache.directory.server.UberjarMain] - Failed to start the service.
java.security.UnrecoverableKeyException: Cannot recover key
    at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
    at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138)
    at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
    at java.security.KeyStore.getKey(KeyStore.java:804)
    at org.apache.directory.server.ldap.LdapServer.loadKeyStore(LdapServer.java:423)
    at org.apache.directory.server.ldap.LdapServer.start(LdapServer.java:509)
    at org.apache.directory.server.ApacheDsService.startLdap(ApacheDsService.java:423)
    at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:200)
    at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:152)
    at org.apache.directory.server.UberjarMain.start(UberjarMain.java:151)
    at org.apache.directory.server.UberjarMain.main(UberjarMain.java:77)

So, if it is not possible, what is the best way to use an SSL certificate for
ApacheDS? I tried to follow the instructions from the ApacheDS site, but they
seem to concentrate mainly on the self-signed certificate.

If someone can give me a pointer, that would be great.

Regards,

Johanes
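
Added example, not part of the original message and not ApacheDS code: a small Java check that reproduces the two conditions from the stack traces above outside the server, namely how many entries the keystore holds and whether `KeyStore.getKey` can recover each private key with a given password. The class name `KeystoreCheck` and the prompts are assumptions made for the example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic, not ApacheDS code. Usage: java KeystoreCheck <keystore-file>
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): KeystoreCheck <keystore-file>");
            System.exit(2);
        }
        // Passwords are prompted for so they do not end up in shell history or the process list.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password (empty = same as keystore): ");
        if (keyPass.length == 0) keyPass = storePass;

        // On current JDKs the default keystore type reads both JKS and PKCS12 files.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // throws IOException if the keystore password is wrong
        }

        // First error in the post: "Key store contains more than one entry".
        System.out.println("entries: " + ks.size());

        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": trusted certificate entry, no private key");
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            System.out.println(alias + ": key entry, chain length "
                    + (chain == null ? 0 : chain.length));
            try {
                // Second error in the post: KeyStore.getKey -> UnrecoverableKeyException.
                ks.getKey(alias, keyPass);
                System.out.println("  key recovered with the supplied key password");
            } catch (UnrecoverableKeyException e) {
                System.out.println("  key NOT recoverable with this password: " + e.getMessage());
            }
        }
    }
}
```

An entry that reports "NOT recoverable" when the key password is left empty but recovers when a separate key password is entered has a key password that differs from the keystore password.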
