trusting Win2000 certificate
Hi..
I've been trying to trust my own Win 2000 certificate for a week now and I still
can't figure out how to do it. I would like to create users (with password) in
Active Directory using a java program (and LDAP) and in order to do it, I have to
make an SSL connection to ADS.
So.. this is what I'm trying to do, but I'm experiencing some trouble.
My Certificate Server seems to work well since I can use https and certificates
to protect web pages.
So, I downloaded my CA certificate (through http://myserver/certsrv) and I imported
it successfully using the keytool utility. I know I did it all correctly since
I am able to initialize an ssl connection on port 443 (https) with the following code:
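    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;

    // The default factory validates the server against the JVM's default truststore
    SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
    SSLSocket socket = (SSLSocket)factory.createSocket("myserver", 443);
    System.out.println("before");
    socket.startHandshake();   // throws if the server's certificate chain is not trusted
    System.out.println("after");
    socket.close();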
My problem is that if I change the port to 636, which is the port used by Active
Directory for SSL connections, I get an "untrusted server cert chain" error.
In the debug ssl info, it says "issuer != subject DN"
I suspect that my problem may come from my server configuration because the same
java code works on port 443.
If you have any idea of what may be my problem, please do not hesitate to reply
here or directly to my email address (mathieu.girard@ssq.ca)
thanx!!
Mathieu Girard
mathieu.girard@ssq.ca
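
One way to compare what the server presents on port 636 with what it presents on port 443, as an added example that is not part of the original post: the program below records the certificate chain seen during the handshake, still applies the default trust checks unchanged, and prints each certificate's subject and issuer. It assumes a current JDK; the class names ShowChain and Recorder are hypothetical, and "myserver" is the host name used in the post.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example: ShowChain and Recorder are hypothetical names, not from the post.
public class ShowChain {
    // Records the chain the server presents, then runs the default validation unchanged.
    static class Recorder implements X509TrustManager {
        final X509TrustManager def;
        X509Certificate[] seen = new X509Certificate[0];
        Recorder(X509TrustManager def) { this.def = def; }
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            seen = chain;                              // keep a copy for printing
            def.checkServerTrusted(chain, authType);   // trust decision is not weakened
        }
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            def.checkClientTrusted(chain, authType);
        }
        public X509Certificate[] getAcceptedIssuers() { return def.getAcceptedIssuers(); }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "myserver";   // host name from the post
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                     // null selects the default truststore
        Recorder rec = new Recorder((X509TrustManager) tmf.getTrustManagers()[0]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { rec }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("handshake OK: chain is trusted");
        } catch (SSLException e) {
            System.out.println("handshake failed: " + e.getMessage());
        }
        for (X509Certificate c : rec.seen) {           // leaf certificate first
            System.out.println("subject: " + c.getSubjectX500Principal()
                    + "\n  issuer: " + c.getIssuerX500Principal());
        }
        if (rec.seen.length > 0) {
            X509Certificate top = rec.seen[rec.seen.length - 1];
            boolean known = false;                     // name match only, not a signature check
            for (X509Certificate ca : rec.getAcceptedIssuers())
                known |= ca.getSubjectX500Principal().equals(top.getIssuerX500Principal());
            System.out.println("issuer of last certificate found in truststore: " + known);
        }
    }
}
```

Run it once as `java ShowChain myserver 443` and once as `java ShowChain myserver 636`; differing issuers between the two outputs mean the two services present certificates from different chains.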

