LDAP 636, error: unable to find valid certification path to requested target
javax.naming.CommunicationException: simple bind failed: rhein:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
I have installed the certificate I made on the W2K server and on the XP client. On the client I imported the certificate into a keystore with the help of Portecle, a SourceForge app. I put the keystore in the java/jre/lib/security directory, where there are also other certificates.
When I try to connect from my client through port 636 with SSL to the W2K server's Active Directory, I get the top error message. What is wrong with my certification path?
[775 byte] By [4tha] at [2007-11-27 9:26:36]

# 1
OK, I solved that problem; I used the wrong string path for the keystore path...
That's the proper code:

    public void actionPerformed(ActionEvent e)
    {
        if (e.getSource().equals(pwBT))
        {
            String benutzername = benutzernameTF.getText();
            String kennwort = kennwortTF.getText();
            Hashtable<String, String> env = new Hashtable<String, String>();
            // Trust store holding the CA certificate of the domain controller;
            // the property must be set before the first SSL connection is made.
            String keystore = "C:/Programme/Java/jre1.6.0_01/lib/security/ZertifikatBerlin";
            System.setProperty("javax.net.ssl.trustStore", keystore);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            // ldaps:// on port 636 already selects SSL for this connection
            env.put(Context.PROVIDER_URL, "ldaps://rhein:636/dc=bodensee,dc=de");
            // The documented values are lowercase: "ssl" and "simple"
            env.put(Context.SECURITY_PROTOCOL, "ssl");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, benutzername);
            env.put(Context.SECURITY_CREDENTIALS, kennwort);
            try
            {
                // Creating the context performs the SSL handshake and the simple bind
                ctx = new InitialContext(env);
                programmstatusTF.setText("Verbindung aufgebaut");
                ctx.close();
            }
            catch (Exception er)
            {
                // Show the failure (for example the PKIX path error) in the status field
                programmstatusTF.setText(er.toString());
            }
        }
    }

The question now is, as I don't get an error code anymore as before and I seem to be connected to the LDAP server now: shouldn't a window pop up containing my certificate, which I as a client must confirm?
4tha at 2007-7-12 22:23:46 >
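
A wrong trust store path, as in reply #1, is not reported by JSSE: when the file named in javax.net.ssl.trustStore does not exist, an empty trust store is used and the handshake fails with the PKIX error quoted at the top. The following check is an added example, not code from this thread. It assumes Java 7 or later; the class name, method name and path are hypothetical placeholders.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TrustStoreCheck {
    /** Loads the trust store and returns the number of trusted X.509 certificates in it. */
    static int verifyTrustStore(String file, char[] password)
            throws IOException, GeneralSecurityException {
        Path path = Paths.get(file);
        if (!Files.isRegularFile(path)) {
            // JSSE itself stays silent here and continues with an empty trust store,
            // so the mistake only shows up later as "PKIX path building failed".
            throw new IOException("Trust store not found: " + path.toAbsolutePath());
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password); // a null password skips the integrity check
        }
        int trusted = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)
                    && ks.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
                System.out.println(alias + " -> " + cert.getSubjectX500Principal().getName());
                trusted++;
            }
        }
        if (trusted == 0) {
            throw new GeneralSecurityException("No trusted certificate entries in " + path);
        }
        return trusted;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path; pass the real trust store (and password) on the command line.
        String file = args.length > 0 ? args[0] : "C:/path/to/truststore";
        char[] password = args.length > 1 ? args[1].toCharArray() : null;
        int n = verifyTrustStore(file, password);
        // Set the property only after the check, and before the first SSL connection.
        System.setProperty("javax.net.ssl.trustStore", file);
        System.out.println(n + " trusted certificate(s); trust store property set");
    }
}
```

The listed subjects should include the Certificate Authority that issued the domain controller's certificate; if it is missing, the LDAPS bind fails with the same PKIX error even though the file loads.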

# 2
No, you will not be prompted for a certificate in this case.
All you are doing is executing the LDAP connection over SSL (LDAPS using port 636).
From a PKI perspective, all you have done is add the public key from the Certificate Authority that issued the PKI certificate to your domain controller, into your PKI trust path. You are not presenting any certificates to the domain controller.
If you want to use a PKI certificate to authenticate yourself to the domain controller, refer to the post titled "JNDI, Active Directory & Authentication (part 4) (SASL EXTERNAL)" available at http://forum.java.sun.com/thread.jspa?threadID=641047&tstart=0
However, I am not sure whether this will pop up a certificate selection dialog. It is only in the most recent version of the Sun JRE that Java integrates with the Windows certificate store. I don't know whether this integration also extends to certificate selection.
# 3
Thank you very much!!! I don't need that certificate selection. I just thought that if it doesn't show up the certificate won't work, but when you say it's not a MUST DO then I don't need it ;-) Cheers, 4th aka buddylight (I could not log in with my old account...)
4tha at 2007-7-12 22:23:46 >
