> Am I going wrong, when I'm waiting for him? Is there a way to obtain by
> myself that certificate and test again the ldaps connection?

If you can connect to the port, you can get the certificate, assuming it is really talking SSL/TLS:

    openssl s_client -showcerts -connect your.ad.host:3269

The PEM-encoded certificates in the cert chain will appear in the output of the command, and by inspection you can determine which one is the cert of the host you are connecting to. Save the PEM-encoded cert to a file, and import it into the keystore.

If you are using the keytool command-line tool supplied with the JDK, you will need to convert the PEM-encoded cert to DER encoding:

    openssl x509 -in your.ad.host-cert.pem -out your.ad.host-cert.der -outform der

Hope that helps,
M
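
The steps in the reply above, put together as an added example that is not part of the original post. The function names and the keystore argument are assumptions; the script also prints the certificate's subject, issuer, validity dates and SHA-256 fingerprint so they can be confirmed with the AD administrator before the cert is trusted.

```shell
#!/bin/sh
# Added example: fetch the server's own (leaf) certificate, show what is about
# to be trusted, convert it to DER and import it into a Java keystore.
# Usage (hypothetical keystore path): ./get-ad-cert.sh your.ad.host 3269 cas.jks

# Print only the first PEM certificate found on stdin. In the s_client
# -showcerts output the server's own certificate comes first (chain entry 0);
# the certificates after it belong to the issuing CAs.
first_pem_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { inside = 1 }
         inside { print }
         /-----END CERTIFICATE-----/ { if (inside) exit }'
}

fetch_and_import() {
    host=$1; port=$2; keystore=$3
    pem="$host-cert.pem"; der="$host-cert.der"

    # </dev/null closes stdin so s_client exits once the handshake is done.
    openssl s_client -showcerts -connect "$host:$port" </dev/null 2>/dev/null |
        first_pem_cert > "$pem"
    if [ ! -s "$pem" ]; then
        echo "no certificate received from $host:$port" >&2
        return 1
    fi

    # The certificate arrived over an unauthenticated connection: compare
    # these values with the AD administrator before importing it.
    openssl x509 -in "$pem" -noout -subject -issuer -dates -fingerprint -sha256

    # PEM -> DER, then import; keytool prompts for the keystore password
    # and asks for confirmation before trusting the certificate.
    openssl x509 -in "$pem" -out "$der" -outform der
    keytool -importcert -alias "$host" -file "$der" -keystore "$keystore"
}

# Run only when called with host, port and keystore.
if [ "$#" -eq 3 ]; then
    fetch_and_import "$@"
fi
```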
