Used LDAP Browser and it fails with the following message: CA certificate is not in the server certificate chain

So I've used the keytool to import all three:
1 - Comodo CA
2 - the intermediate/root cert of the server
3 - the cert of the server itself.

Restarted and it still complains with the above message. I'm confused as to which cert/s need to be imported using the keytool.

On 12/10/2013 4:37 PM, Mahcsig wrote:
> you can try ldap browser,
> http://www.ldapbrowser.com/download.htm?download=browser
>
> ~Mahcsig
>
> On Tue, Dec 10, 2013 at 4:32 PM, Dan LeGate<[email protected]> wrote:
>
>> I've connected to the port using telnet and using a port scanner - both
>> show the port is open.
>>
>> This is an LDAPS connection (port 636), so a standard web browser, or
>> curl, etc., won't really work as a client, as far as I know.
>>
>> Dan
>>
>> On 12/10/2013 4:23 PM, .jonah wrote:
>>> Can you connect to it via any other tools on the CF box? If you have
>>> another client that might help determine whether it's a server/network
>>> issue or a CF/Java issue.
>>>
>>> On 12/10/13 4:19 PM, Dan LeGate wrote:
>>>> Okay, so I looked up how to and used the following command syntax:
>>>>
>>>> C:\CFusion\runtime\jre\bin\keytool.exe -import -v -alias aliasname -file C:\temp\certfile.cer -keystore C:\CFusion\runtime\jre\lib\security\cacerts -storepass password
>>>>
>>>> which imported successfully (verified with the list command).
>>>>
>>>> Restarted server (in case that is required). Still get socket closed. :-(
>>>>
>>>> I imported *just* the certificate from the server I'm connecting to. Do
>>>> I need anything else in there? Like any of the intermediate/chain or
>>>> root certs as well?
>>>>
>>>> Should I be importing some sort of combined certificate? Or just
>>>> individually import one at a time?
>>>>
>>>> Any help is appreciated.
>>>>
>>>> Thanks,
>>>>
>>>> Dan
>>>>
>>>> On 12/10/2013 2:53 PM, Russ Michaels wrote:
>>>>> Have you imported the ssl into the key store?
>>>>>
>>>>> Russ Michaels
>>>>> www.michaels.me.uk
>>>>> cfmldeveloper.com
>>>>> cflive.net
>>>>> cfsearch.com
>>>>> On 10 Dec 2013 20:52, "Dan LeGate"<[email protected]> wrote:
>>>>>
>>>>>> I take it back... exact same code EXCEPT my code outside the Custom
>>>>>> Tag folder had excluded the PORT attribute, so I assume it was going to
>>>>>> the non-SSL port and working fine.
>>>>>>
>>>>>> Once I added port = "636" to that code, exact same response: socket closed
>>>>>>
>>>>>> Again, the LDAPS (636) port is open to the ColdFusion server.
>>>>>>
>>>>>> I'm thinking it's an SSL issue. What steps need to be taken to ensure
>>>>>> LDAPS communication works?
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> Dan
>>>>>>
>>>>>> On 12/10/2013 12:36 PM, Dan LeGate wrote:
>>>>>>> Here's the weirdness I'm experiencing...
>>>>>>>
>>>>>>> I have a Custom Tag we've been using for years that is called from most
>>>>>>> of our applications and authenticates them to a Sun LDAP server.
>>>>>>>
>>>>>>> We are moving to an Active Directory service, and when I attempt to do a
>>>>>>> bind against the new system, I get:
>>>>>>>
>>>>>>> An error has occurred while trying to execute query : servername.com:636;
>>>>>>> socket closed.
>>>>>>>
>>>>>>> However, if I run that SAME cfldap command in a .cfm file out in a
>>>>>>> regular web folder (i.e. not as a Custom Tag under the ColdFusion
>>>>>>> directory), it works fine!
>>>>>>>
>>>>>>> I have restarted the server to make sure any old Custom Tag code isn't
>>>>>>> somehow cached. I have verified the SSL (636) port is open to the CF
>>>>>>> server.
>>>>>>>
>>>>>>> Any ideas on this one? Very confused by this.
>>>>>>>
>>>>>>> Thanks for any feedback!
>>>>>>>
>>>>>>> Dan

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357343

