can you check if you are using the correct port when SSL is used to connect, by default ApacheDS accepts SSL connections on port 10636
On Wed, Feb 27, 2013 at 6:08 PM, <[email protected]> wrote: > Hello, > > I am currently working with version M12 of the Apache LDAP API (this was > the latest version when I began to develop). The connection to the LDAP > server is established without SSL, and it works fine. > > Due to security reasons we want to change the connection to SSL. So I > created a keystore file .keystore which includes the same certificate which > I am using with the Apache Directory Studio Client to connect to the LDAP > server via SSL. In the Apache Directory Studio Client, the certificate > works without problems. Trying to connect with the LDAP API results in > InvalidConnectionException at the connection.bind statement. > > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: > SSL handshake failed. > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:3808) > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1170) > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1075) > at > org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:120) > at > org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:105) > at TestSSL.main(TestSSL.java:50) > > Here the code to connect to the LDAP server with the LDAP API: > > boolean useSSL = true; > LdapNetworkConnection connection = null; > LdapConnectionConfig ldapConnectionConfig = null; > if (useSSL) { > ldapConnectionConfig = new LdapConnectionConfig(); > ldapConnectionConfig.setUseSsl(true); > ldapConnectionConfig.setLdapHost(<host>); > ldapConnectionConfig.setLdapPort(<port>); > ldapConnectionConfig.setSslProtocol("SSLv3"); > char[] pw = null; > KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); > try { > FileInputStream fis = new FileInputStream(".keystore"); > pw = new String("<password>").toCharArray(); > ks.load(fis, pw); > } > catch (Exception e) { > e.printStackTrace(); > } > KeyManagerFactory keyManagerFactory = > KeyManagerFactory.getInstance("SunX509"); > keyManagerFactory.init(ks, pw); > KeyManager[] keyManagers = keyManagerFactory.getKeyManagers(); > ldapConnectionConfig.setKeyManagers(keyManagers); > connection = new LdapNetworkConnection(ldapConnectionConfig); > } > else { > connection = new LdapNetworkConnection(<host>, <port>); > } > try { > connection.bind(<bind string>, <password>); > ... > With useSSL=false the program works right. > > Does anyone have an idea what is missing? Could you provide me an example > which is working? > > Thank you very much. > > Regards > Michael Schmitz > > T-Systems International GmbH > Systems Integration > GDC Big Data & BI SC BI & CRM > Michael Schmitz > Senior Consultant > Hausadresse: Fasanenweg 5, 70771 Leinfelden-Echterdingen > Postanschrift: Postfach 100258, 70746 Leinfelden > Neu: Telefon: +49 (711) 999 - 7717 > Mobil: +49 (170) 863 1918 > E-Mail: [email protected] > Internet: <http://www.t-systems.com<http://www.t-systems.com/>> > T-Systems International< > https://systemsnet.telekom.de/tool/de_systemswiki/index.php/Enterprise_Services> > GmbH > Aufsichtsrat< > https://systemsnet.telekom.de/tool/de_systemswiki/index.php/Aufsichtsrat>: > René Obermann (Vorsitzender) > Geschäftsführung: Reinhard Clemens (Vorsitzender), Dr. Ferri Abolhassan, > Dr. Markus Müller, Georg Pepping, Hagen Rickmann, Klaus Werner > Handelsregister: Amtsgericht Frankfurt am Main HRB 55933 > Sitz der Gesellschaft: Frankfurt am Main > WEEE-Reg.-Nr. DE50335567 > > Notice: This transmittal and/or attachments may be privileged or > confidential. If you are not the intended recipient, you are hereby > notified that you have received this transmittal in error; any review, > dissemination, or copying is strictly prohibited. If you received this > transmittal in error, please notify us immediately by reply and immediately > delete this message and all its attachments. Thank you. > > > -- Kiran Ayyagari http://keydap.com
