I remember having had problems when trying to set SSL with OpenSSL when I first tried.
Can you check this page and tell us if it works for you ? :
http://docs.safehaus.org/display/APACHEDS/SSL+Enabling
Thanks fro the feedback.
Emmanuel
On 9/8/06, Tony Blanchard <
[EMAIL PROTECTED]> wrote:
Hi all,
I have a strange behavior with the SUN ldap certStore provider when
trying to find pkiCA entry...
With openSSL:
I created a self signed certificate for a CA. (PEM format and RSA key)
I created another certificate for two users A and B (PEM format and RSA
key). I have requested signature from the previous created CA for each
one. I revoke certificate for A and generate a crl whith openssl. Then I
transform this crl in a pkcs7 crl for java SUN provider understanding.
Those two certificates have an issuer for
OU=MyOrganization,DC=example,DC=com
So I create a pkiCa and organizationlUnit entry at
OU=MyOrganization,DC=example,DC=com on the server.
In this entry, i put the caCertificate, the
certificateRevocationLists(CRL in PKCS7) and the
authorityRevocationList(Same CRL in PKCS7) values.
I enable Anonymous access on my apacheds server...
When executing the following code, I generate a unexpected exception
which closes server connexion...
LDAPCertStoreParameter lParams = new LDAPCertStoreParameter("localhost",
10389);
lCertStore = CertStore.getInstance("LDAP", lParams, "SUN");
X509CRLSelector = new X509CRLSelector();
lCRLSelector.setCertificateChecking(pCertificate);
lCrlCollection = certStore.getCRLs (lCRLSelector); // lCRLCoolection is
returned empty even if it should contain a crl for A and the logging
file apacheds-rolling.log shows that a server connection closed... There
is no exception shown from SUN CertStore provider. It is very silent.
Extract of apacheds-rolling.log:
[12:12:10] WARN
[org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler]
- [/127.0.0.1:1235] Unexpected exception forcing session to close:
sending disconnect notice to client.
java.io.IOException: Une connexion existante a dû être fermée par l'hôte
distant
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer (Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java :271)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:42)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
[12:12:10] WARN
[org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler]
- [/127.0.0.1:1236] Unexpected exception forcing session to close:
sending disconnect notice to client.
java.io.IOException: Une connexion existante a dû être fermée par l'hôte
distant
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read (Unknown Source)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)
at sun.nio.ch.IOUtil.read(Unknown Source)
at sun.nio.ch.SocketChannelImpl.read(Unknown Source)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.read (SocketIoProcessor.java:271)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:245)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java :42)
at
org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:566)
Does anyone has a clue on what happens. Is it a bug from apacheds or SUN
CertStore provider?
Thanks for help,
Tony
--
Cordialement,
Emmanuel Lécharny