Did you find a way to get around this error?

On Friday, April 7, 2017 at 11:56:11 AM UTC+8, Marcio Gomes wrote:
>
> Hello guys,
> I am setting up CAS5.x LDAP with SSL. The LDAP server is configured with
> an SSL certificate. The certificate's CN is not the same as the LDAP server's hostname.
> So, we got the error:
>
> java.security.cert.CertificateException: Hostname '[ldapserver]' does not match the hostname in the server's certificate 'CN=anotherldapserver, O=ORG, C=JP'
>     at org.ldaptive.ssl.HostnameVerifyingTrustManager.checkCertificateTrusted(HostnameVerifyingTrustManager.java:79) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.ssl.HostnameVerifyingTrustManager.checkServerTrusted(HostnameVerifyingTrustManager.java:55) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.ssl.AggregateTrustManager.checkServerTrusted(AggregateTrustManager.java:107) ~[ldaptive-1.2.0.jar:?]
>     at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922) ~[?:1.8.0_92]
>     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[?:1.8.0_92]
>     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_92]
>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_92]
>     at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_92]
>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:1.8.0_92]
>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_92]
>     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_92]
>     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.Connection.<init>(Connection.java:203) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[?:1.8.0_92]
>     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[?:1.8.0_92]
>     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:1.8.0_92]
>     at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:1.8.0_92]
>     at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[?:1.8.0_92]
>     at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:87) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:21) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.provider.AbstractProviderConnectionFactory.create(AbstractProviderConnectionFactory.java:84) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.DefaultConnectionFactory$DefaultConnection.open(DefaultConnectionFactory.java:267) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:437) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:476) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:326) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:235) ~[ldaptive-1.2.0.jar:?]
>     at org.apereo.cas.configuration.support.Beans.newBlockingConnectionPool(Beans.java:400) ~[cas-server-core-configuration-5.0.3.1.jar:5.0.3.1]
>     at org.apereo.cas.configuration.support.Beans.newPooledConnectionFactory(Beans.java:411) ~[cas-server-core-configuration-5.0.3.1.jar:5.0.3.1]
>     at org.apereo.cas.adaptors.ldap.services.config.LdapServiceRegistryConfiguration.ldapServiceRegistryDao(LdapServiceRegistryConfiguration.java:44)
>
> I tried to insert this into the deployerConfigContext.xml file:
>
> <bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
>     <constructor-arg ref="defaultTrustManager"/>
> </bean>
> <bean id="defaultTrustManager" class="org.ldaptive.ssl.DefaultTrustManager" />
>
> But it didn't work :(
>
> Could you help me connect to this LDAP server with SSL?
>
> Thanks
>
