This is the configuration I'm using:

from deployerConfigContext.xml
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.X509CredentialConfig"
              p:trustCertificates="${ldap.trustedCert}" />
    </property>
</bean>

from cas.properties (included is the link to the documentation I'm following)
# Putting this in based on example at http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html (LDAP Requiring Authentication)
#ldap.trustedCert=file:///c:/java/jre7/lib/security/cacerts
ldap.trustedCert=file:///c:/Program Files/Java/jdk1.7.0_21/jre/lib/security/cacerts

Don't know if I mentioned this in my first email, but I used the same 
configuration to connect to our test ldap server using ldaps and that worked. 
I'm now configuring for our production ldap server using ldaps and I get the 
error. I've imported root and intermediate certificates for both test and 
production ldap servers into the same cacerts files and did not have this 
problem when connecting to the test ldap server. Thanks in advance for any 
advice.

----
Allan Axon
Delivery Services, Enterprise Applications and GIS Manager
Information Technology Services
NC Department of Environmental Quality
919-707-8913
----
Email correspondence to and from this address is subject to the North Carolina 
Public Records Law and may be disclosed to third parties unless the content is 
exempt by statute or other regulation.

From: Daniel Fisher [mailto:[email protected]]
Sent: Friday, February 26, 2016 11:19 PM
To: [email protected]
Subject: Re: [cas-user] ldap trusted certs error: java.io.IOException: Empty input

On Fri, Feb 26, 2016 at 10:50 PM, Axon, Allan <[email protected]> wrote:
Caused by: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
        at org.ldaptive.ssl.X509CertificatesCredentialReader.read(X509CertificatesCredentialReader.java:45)
        at org.ldaptive.ssl.X509CertificatesCredentialReader.read(X509CertificatesCredentialReader.java:31)

I would expect a different credential reader to be used if you are using 
cacerts for trust. What does your LDAP SSL configuration look like?

--Daniel Fisher

--
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected]<mailto:[email protected]>.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
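
Following the remark above about the credential reader, a small check (an added example, not part of the original thread and not CAS or ldaptive code; the class name TrustMaterialCheck and the default password "changeit" are assumptions) that reports whether a file parses as an X.509 certificate, which is what the CertificateFactory call in the stack trace expects, or loads as a Java keystore such as cacerts:

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;

// Added example (hypothetical class name): reports whether trust material is
// an X.509 certificate file or a Java keystore such as cacerts.
public class TrustMaterialCheck {

    static String classify(byte[] data, char[] storePassword) {
        try {
            // Same JDK call that appears in the stack trace in this thread.
            CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(data));
            return "X509_CERTIFICATE"; // fits X509CredentialConfig trustCertificates
        } catch (CertificateException notACertificate) {
            // Not PEM/DER certificate data; try it as a keystore next.
        }
        try {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(new ByteArrayInputStream(data), storePassword);
            // A keystore needs a keystore-based credential config instead.
            return "KEYSTORE(" + ks.size() + " entries)";
        } catch (Exception notAKeyStore) {
            return "UNKNOWN";
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: "changeit" is the stock cacerts password; pass yours as args[1].
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        byte[] data;
        if (args.length > 0) {
            data = Files.readAllBytes(Paths.get(args[0]));
        } else {
            // Constructed sample: an empty JKS keystore built in memory.
            KeyStore sample = KeyStore.getInstance("JKS");
            sample.load(null, null);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            sample.store(out, password);
            data = out.toByteArray();
        }
        System.out.println(classify(data, password));
    }
}
```

Run it with the path from ldap.trustedCert as the first argument; a KEYSTORE result means the file is not certificate data that the X.509 certificate reader can parse.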
