SSL Certificates for authenticating server from client side
Any idea how to install authority certificates for server authentication on SSL? I'm trying to get an ldaps: connection to OID, and to test it out it looks like I will need to put in a test root certificate.
I can't see where the SSL engine gets its configuration from.
Of course it's made more complex by the factory/interface pattern used, to allow multiple implementations of SSL.
Well, the good news is; I've sorted it and can get an LDAPS connection. The bad news; it doesn't help. I still get NoPermissionException when I try to modify a user.
For anyone with similar problems, the certificates are in $JAVA_HOME/jre/lib/security/cacerts. Install certs with keytool -import.
The initial password is "changeit".
> For anyone with similar problems, the certificates are in
> $JAVA_HOME/jre/lib/security/cacerts. Install certs with keytool -import.
>
> The initial password is "changeit".
okay.... what are we supposed to do with that?
It sounds like you haven't created a certificate which actually identifies a valid user. Or that user doesn't have permissions to do the stuff you are trying to do.
Not sure how to import certificates from older versions or on Linux, but on my 1.5 Windows there is a tool called javacpl.exe in the JRE bin directory.
Since 1.5 the password of the keystores is not changeit anymore, anyway
starting that program gives me the option to import certificates for several
purposes (signed CA, client auth ...).
Security tab, Certificates button, client auth for the cert type dropdown.
You could try to import your cert there.
There is also the debug option when running your app:
java -Djavax.net.debug=all YourClass
There is also the option of creating your own keystore and importing the cert
in there. You can export the public version of your private key to give to the server
used for authentication. Both keystores need each other's public version of the private key for authentication on the server and client.
The option to use your keystore when running the app is:
java -Djavax.net.ssl.keyStore=MyStore -Djavax.net.ssl.keyStorePassword=pwd YourClass
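The following is an added example, not code from anyone in this thread. It ties together the two suggestions above: the root certificate imported into a truststore (the cacerts file or a separate keystore created with keytool -import) and the javax.net.ssl.* system properties. The first method performs only the TLS handshake against the LDAPS port and prints the server's certificate chain, so a trust problem (SSLHandshakeException) can be told apart from an LDAP authorization problem; the second binds over LDAPS and attempts a modify, where a NoPermissionException means the TLS layer is fine and the bound user simply lacks rights. Host, port, paths, passwords and DNs are placeholders, and the code assumes a current JDK (try-with-resources) and the standard com.sun.jndi.ldap.LdapCtxFactory provider.

```java
// LdapsTrustCheck.java -- added example; all host names, paths, passwords
// and DNs below are placeholders to be replaced with your own values.
//
// The truststore is assumed to have been populated beforehand with something like:
//   keytool -import -trustcacerts -alias test-root -file root.cer -keystore truststore.jks
// (or into $JAVA_HOME/jre/lib/security/cacerts, default password "changeit").
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.NoPermissionException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class LdapsTrustCheck {
    // Placeholder connection settings (hypothetical values).
    static final String HOST = "oid.example.com";
    static final int PORT = 636;
    static final String TRUST_STORE = "/path/to/truststore.jks";
    static final String TRUST_STORE_PASSWORD = "changeit";

    /** Step 1: TLS handshake only. Fails with SSLHandshakeException if the
     *  server's chain does not lead to a root in the truststore; otherwise
     *  prints the chain so you can see which root the server actually presents. */
    static void showServerChain() throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(TRUST_STORE)) {
            ts.load(in, TRUST_STORE_PASSWORD.toCharArray());
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key: server auth only
        SSLSocketFactory factory = ctx.getSocketFactory();
        try (SSLSocket s = (SSLSocket) factory.createSocket(HOST, PORT)) {
            s.startHandshake();
            for (Certificate c : s.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("subject: " + x.getSubjectX500Principal()
                    + "\n  issuer: " + x.getIssuerX500Principal());
            }
        }
    }

    /** Step 2: bind over LDAPS with JNDI and try a modify. A NoPermissionException
     *  here is an LDAP authorization problem, not a certificate problem. */
    static void modifyUser(String bindDn, String bindPassword, String userDn)
            throws NamingException {
        // Same effect as -Djavax.net.ssl.trustStore=... on the command line.
        System.setProperty("javax.net.ssl.trustStore", TRUST_STORE);
        System.setProperty("javax.net.ssl.trustStorePassword", TRUST_STORE_PASSWORD);

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://" + HOST + ":" + PORT);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);

        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("description", "updated over ldaps"))
            };
            ctx.modifyAttributes(userDn, mods);
            System.out.println("modify succeeded for " + userDn);
        } catch (NoPermissionException e) {
            // Bind worked (so TLS and credentials are fine); the DN lacks write rights.
            System.err.println("bound as " + bindDn + " but not allowed to modify "
                + userDn + ": " + e.getMessage());
            throw e;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java LdapsTrustCheck <bindDn> <bindPassword> <userDn>
        showServerChain();
        modifyUser(args[0], args[1], args[2]);
    }
}
```

Running step 1 with -Djavax.net.debug=ssl (the debug option mentioned above, narrowed to the TLS layer) shows exactly which trust anchor the JSSE engine matched, or which issuer it could not find in the truststore.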
>
> okay.... what are we supposed to do with that?
>
> It sounds like you haven't created a certificate
> which actually identifies a valid user. Or that user
> doesn't have permissions to do the stuff you are
> trying to do.
For the moment I'm using a trial SSL certificate from Verisign. This requires a special Root certificate to be installed in systems that connect to the SSL.
That means downloading the root certificate from Verisign and installing it into the JRE.
The user certificate goes into the OID server via an Oracle Wallet.
I would expect that also means that the server needs to have the certificate signer's certificate in its trusted certs list.
Yes, it needs it in the wallet before it will accept the user cert.