incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Willeke <...@willeke.com>
Subject Re: Web Container Authentication Via LDAP
Date Fri, 09 Oct 2009 10:42:30 GMT
Did you look in the jre?

If you are using a JDK then the file would be:
\jdk1.6.0_14\jre\lib\security\cacerts


-jim
Jim Willeke


On Fri, Oct 9, 2009 at 5:51 AM, anilkumarkatta <anilkumarkatta@gmail.com>wrote:

>
>
> Hi All
>
> Thanks for you replies.
>
> I have tried installing the ssl for the url. but same issue.
>
> I took some time to check how the existing url's ssl is done in keystore..
> but find nothing in java_home/lib/security.
>
> how this can be no ssl certifcates in keystore?
>
> if they keystore is exists in app level where does it saved in application
>
> Thanks again for the replies.
>
> -Anil
>
>
> Andrew Jaquith-4 wrote:
> >
> > You are pretty new to this whole Java thing aren't you?
> >
> > It appears that 1) your LDAP server requires SSL (a good thing!) and
> > that 2) your LDAP's SSL certificate is self-signed and therefore not
> > trusted.
> >
> > Java keeps an internal list of SSL certs it trusts. Your self-signed
> > CA is not one of them. You need to add the SSL certificate CA (that
> > is, the self-signed root) to your local JSSE trusted certificate
> > store. This is at $JAVA_HOME/lib/security/cacerts.
> >
> > The Java command line tool "keytool" can do this. You can also use my
> > SSLHelper class, part of my freshcookies-security.jar that ships with
> > JSPWiki. Indeed, I wrote it for just this situation. See the docs at
> > freshcookies.org
> >   for details.
> >
> > With either aproach, you will need appprpriate admin rights to modify
> > the truststore.
> >
> > Andrew
> >
> > On Oct 6, 2009, at 8:29, anilkumarkatta <anilkumarkatta@gmail.com>
> > wrote:
> >
> >>
> >>
> >> ....contd.
> >> Caused by: javax.net.ssl.SSLHandshakeException:
> >> sun.security.validator.ValidatorException: PKIX path building failed:
> >> sun.security.provider.certpath.SunCertPathBuilderException: unable
> >> to find
> >> valid certification path to requested target
> >>
> >>
> >> anilkumarkatta wrote:
> >>>
> >>> Hi All
> >>>
> >>> I have tried to authenticate via LDAP server with all the
> >>> configuration
> >>> procedure explained in the URL
> >>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
> >>> with a user provided LDAP settings, I got firewall team to get the
> >>> secure
> >>> port open from where application is talking to the LDAP.
> >>>
> >>> i am getting this exception while start of the application
> >>>
> >>>
> >>> 2009-10-06 22:14:04,581 [Thread-2] INFO
> >>> org.apache.catalina.tribes.membership.McastService - Done sleeping,
> >>> membership established, start level:4
> >>> 2009-10-06 22:14:04,581 [Thread-2] INFO
> >>> org.apache.catalina.tribes.membership.McastService - Sleeping for
> >>> 1000
> >>> milliseconds to establish cluster membership, start level:8
> >>> 2009-10-06 22:14:05,581 [Thread-2] INFO
> >>> org.apache.catalina.tribes.membership.McastService - Done sleeping,
> >>> membership established, start level:8
> >>> 2009-10-06 22:14:06,144 [Thread-2] WARN
> >>> org.apache.catalina.core.ContainerBase.[Catalina] - Exception
> >>> performing
> >>> authentication
> >>> javax.naming.CommunicationException: simple bind failed:
> >>> ARTE001.MYDOMAIN.AK.com:636 [Root exception is
> >>> javax.net.ssl.SSLHandshakeException:
> >>> sun.security.validator.ValidatorException: PKIX path building failed:
> >>> sun.security.provider.certpath.SunCertPathBuilderException: unable
> >>> to find
> >>> valid certification path to requested target]
> >>>    at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
> >>>    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
> >>>    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
> >>>
> >>>
> >>> where as when I place other deatails of the LDAP its working fine.
> >>> does this required any cerification files like .jks files.. if so
> >>> where
> >>> shall I place them?
> >>>
> >>> your replies are most welcome
> >>>
> >>> Regards,
> >>> -Anil Katta
> >>>
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/Web-Container-Authentication-Via-LDAP-tp25767713p25767801.html
> >> Sent from the JspWiki - User mailing list archive at Nabble.com.
> >>
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Web-Container-Authentication-Via-LDAP-tp25767713p25818421.html
> Sent from the JspWiki - User mailing list archive at Nabble.com.
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message