Connection to LDAP with TLS : SSLHandshakeException

Hello,

I am trying without success to make a TLS connection to an OpenLDAP directory. It works from ldapsearch but not with Java code.

Here is what I have done :

-I added the authority certificate (cacert.pem) in our keystore file (keystore.jks)

keytool -import -trustcacerts -keystore keystore.jks -alias cacert -file demoCA/cacert.pem

-I added the server certificate (my_server_crt.pem) in our keystore file (keystore.jks)

keytool -import -trustcacerts -keystore keystore.jks -alias my_server -file my_server_crt.pem

-I added the client certificate (certificate) in our keystore file (keystore.jks)

keytool -import -keystore keystore.jks -alias my_client -file certificate

Then I connect to the LDAP with the following code :

//(Defining env)

//Connection
LdapContext ctx = new InitialLdapContext(env, null);
// Ask the server to switch the already-open LDAP connection to TLS
StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
// negotiate() with no argument uses the default SSLSocketFactory, i.e. the
// javax.net.ssl.* system properties given on the command line
tls.negotiate();

With the following environment variables defined :

-Djavax.net.ssl.trustStore=keystore.jks -Djavax.net.ssl.trustStorePassword=(our password)

Here is what I get when running with SSL traces activated :

(...)
main, WRITE: TLSv1 Handshake, length = 32
waiting for close_notify or alert: state 1
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
main, called close()
main, called closeInternal(true)
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.startHandshake(StartTlsResponseImpl.java:338)
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:202)
at com.sun.jndi.ldap.ext.StartTlsResponseImpl.negotiate(StartTlsResponseImpl.java:155)
at test2.StartTls.main(StartTls.java:69)

Thank you for your help,

Mikael

[3585 byte] By [mikaeltoulousea] at [2007-10-2 9:25:34]
# 1

For information, this problem was finally solved.

We only need to have:

-in the JKS truststore (javax.net.ssl.trustStore), the authority certificate;

-in the JKS keystore (javax.net.ssl.keyStore), the client certificate. This was not provided in our configuration.

Furthermore, we need to give the property javax.net.ssl.keyStorePassword and not trustStorePassword.

mikaeltoulousea at 2007-7-16 23:32:19
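The setup described in the question and the fix given in the reply, as an added example that is not the poster's code: a JNDI StartTLS client that keeps the CA certificate in a truststore and the client key and certificate in a separate keystore, and checks before the handshake that the keystore really holds a private key. The host name, file names, passwords and bind DN are assumptions; the check is there because a bare "keytool -import -file certificate" stores only a trustedCertEntry (certificate, no private key), which a KeyManager cannot use, so the client sends no certificate and a server that demands one typically aborts with the fatal handshake_failure alert seen in the trace.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;

/**
 * StartTLS to OpenLDAP with a truststore (CA certificate only) and a
 * keystore (client private key + certificate chain). URL, file names,
 * passwords and bind DN are assumptions made for this example.
 */
public class StartTlsClient {

    static final String LDAP_URL      = "ldap://ldap.example.com:389";   // assumption
    static final String TRUSTSTORE    = "truststore.jks";    // cacert.pem imported as trustedCertEntry
    static final String KEYSTORE      = "clientkeystore.jks"; // client key + cert as PrivateKeyEntry
    static final char[] TRUSTSTORE_PW = "changeit".toCharArray();        // assumption
    static final char[] KEYSTORE_PW   = "changeit".toCharArray();        // assumption

    static KeyStore loadKeyStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * A client certificate can only be presented if its private key is in the keystore.
     * "keytool -import -file cert.pem" produces a trustedCertEntry (no key), which a
     * KeyManager ignores; fail early instead of getting a bare handshake_failure later.
     */
    static void requirePrivateKeyEntry(KeyStore ks) throws Exception {
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
            if (ks.isKeyEntry(aliases.nextElement())) {
                return;
            }
        }
        throw new IllegalStateException("keystore has no PrivateKeyEntry; import the client key, e.g. "
            + "keytool -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -destkeystore " + KEYSTORE);
    }

    static SSLContext buildSslContext() throws Exception {
        // Trust only our CA, not the JRE's default cacerts
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadKeyStore(TRUSTSTORE, TRUSTSTORE_PW));

        // The key password is what unlocks the private key for client authentication
        KeyStore clientKeys = loadKeyStore(KEYSTORE, KEYSTORE_PW);
        requirePrivateKeyEntry(clientKeys);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeys, KEYSTORE_PW);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        // Deliberately no SECURITY_PRINCIPAL / SECURITY_CREDENTIALS yet: JNDI would bind
        // immediately and the password would cross the wire in cleartext before StartTLS.

        LdapContext ldap = new InitialLdapContext(env, null);
        StartTlsResponse tls = (StartTlsResponse) ldap.extendedOperation(new StartTlsRequest());
        try {
            // Default hostname verifier is kept: the server certificate must match the URL's host
            SSLSession session = tls.negotiate(buildSslContext().getSocketFactory());
            System.out.println("TLS up: " + session.getProtocol() + " " + session.getCipherSuite()
                + ", server=" + session.getPeerPrincipal());

            // Authenticate only now, over the encrypted channel (assumed DN and password)
            ldap.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ldap.addToEnvironment(Context.SECURITY_PRINCIPAL, "cn=reader,dc=example,dc=com");
            ldap.addToEnvironment(Context.SECURITY_CREDENTIALS, "reader-password");
            ldap.reconnect(null); // explicit LDAP bind with the credentials just added

            Attributes root = ldap.getAttributes("", new String[] {"namingContexts"});
            System.out.println("namingContexts: " + root.get("namingContexts"));
        } finally {
            tls.close();
            ldap.close();
        }
    }
}
```

Building the SSLContext in code is the explicit form of what the reply does with -Djavax.net.ssl.trustStore, -Djavax.net.ssl.keyStore and -Djavax.net.ssl.keyStorePassword; the no-argument tls.negotiate() picks those properties up through the default SSLSocketFactory. That also explains why the reply could drop trustStorePassword: a JKS truststore can be read without its password (only the integrity check is skipped), whereas the private key in the keystore cannot be used without keyStorePassword. To confirm what a keystore holds, keytool -list -v -keystore clientkeystore.jks prints "Entry type: PrivateKeyEntry" for a usable client identity and "Entry type: trustedCertEntry" for a certificate imported on its own.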