tomcat-users mailing list archives

From Daniel Mikusa <dmik...@gopivotal.com>
Subject Re: Cert
Date Fri, 02 Aug 2013 13:41:29 GMT
On Aug 2, 2013, at 9:23 AM, Kyle Shattuck <kyles@montcalm.edu> wrote:

> My server (CAS) is using SSL and the LDAP (DC) server uses SSL. So when I try to authenticate through my CAS server to DC over LDAPS it does not work.  When I look at the logs of the "Applications and Services Logs" --> "Directory Service" it says -->
> Information    ActiveDirectory_DomainService	1535	LDAP Interface:
> Internal event: The LDAP server returned an error. 
> 
> Additional Data 
> Error value:
> 00000003: LdapErr: DSID-0C060463, comment: Error decrypting ldap message, data 0, v1db1

Sorry for being slow here.  I'm just not quite sure how this is related to Tomcat.  It seems
like an application or JVM configuration issue.  

A couple more questions for you.

  - What log are you pulling this from?  Is this from your LDAP server, an application log
or a Tomcat log?  

  - How are you configuring your application to connect to your LDAP server?  Is this with
a <Resource /> tag in Tomcat?  or is this done in application configuration?  Can you
include this config for us, minus passwords?

  - Does your LDAP server have a certificate from a trusted certificate authority?  Is this
what you were talking about when you mentioned creating a keystore with a certificate from
digicert in your original email?  Or is the LDAP Server's certificate self signed?

Dan

> 
> Tomcat version:apache-tomcat-7.0.42
> 
> -----Original Message-----
> From: Daniel Mikusa [mailto:dmikusa@gopivotal.com] 
> Sent: Friday, August 02, 2013 8:59 AM
> To: Tomcat Users List
> Subject: Re: Cert
> 
> On Aug 2, 2013, at 7:33 AM, Kyle Shattuck <kyles@montcalm.edu> wrote:
> 
>> Hello,
>> I am using Tomcat 7 on a windows server 2012 build for this: https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
>> 
>> I don't think SSL is not working correctly because every time I try to authenticate over LDAPS it does not work.
> 
> What part of this doesn't work?  Connecting via SSL or authentication via LDAP?  They are two different things.
> 
> Can you connect to your server via HTTPS and access a static resource like an HTML page or image file?  If not, what happens when you try to connect?
> 
>> 
>> I created a .csr and a .jks using the java keytool. I got a cert using my .csr file from digicert by downloading it to a .p7b file. I imported the .p7b file to my %jave_home%\bin\mykeystore.jks. I then download from digicert the same cert but in a .pem file and imported the file to my %jave_home5\jre\lib\security\cacerts.
>> 
>> Did I miss something here, do you need any other info?
> 
> - What is the specific version of Tomcat that you are using?
> - Do you see any errors in the log?
> - Include your server.xml, minus comments and minus any sensitive info like passwords
> 
> Dan
> 
>> 
>> Thank you,
>> Kyle
>> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> <server.xml>

