Hi Josh,
sounds like a couple of weird things happening. JX should prompt
to accept the certificate the first time you try to connect.
What version of JX are you using, and what platform? And can you
send the trace of what happens when you run jxplorer.sh?
Passwords for the keystores are in the help; they're the standard
java keystore passwords 'changeit' for server cert store and
'passphrase' for the client key store. Try loading your server cert
manually into the server cert store and see if that helps.
(Obligatory advertisement - we've just released the JX keytool as
a standalone component - an executable jar file; you can download it
from sourceforge at
http://sourceforge.net/project/showfiles.php?group_id=55394&package_id=52565&release_id=624635
'SmartKeyTool.jar' )
I *think* you can do tricks with digest_md5 as part of the GSSAPI
stuff can't you? I'm a bit vague on the details...
- Chris
On Wed, Sep 17, 2008 at 6:20 AM, Joshua J. Kugler <[EMAIL PROTECTED]> wrote:
> On Monday 15 September 2008, Chris Betts said something like:
>> Hi Josh,
>>
>> interesting question - the short answer is "not without a lot of
>> hackery". However JX should already prompt you to accept an SSL
>> certificate you haven't seen before during the handshake...
>
> Hmm, doesn't seem to be doing that. I get this as part of my traceback:
>
> WARNING: initial receipt of exception by jndi broker simple bind failed:
> skt-mt-
> si-dc1.skt.pri:636
> javax.naming.CommunicationException: simple bind failed:
> skt-mt-si-dc1.skt.pri:6
> 36 [Root exception is javax.net.ssl.SSLHandshakeException:
> java.security.cert.Ce
> rtificateException: Invalid Server Certificate: server certificate could
> not be
> verified, and the CA certificate is missing from the certificate chain.
> raw erro
> r: sun.security.validator.ValidatorException: PKIX path building failed:
> sun.sec
> urity.provider.certpath.SunCertPathBuilderException: unable to find
> valid certif
> ication path to requested target]
>
> And it just gives me an error, no prompt to accept the cert.
>
> Oh, by the way, what is the password to the key store? I tried to
> change the password using a blank current password, but it said it was
> wrong.
>
> Here's another one: if I run jxplorer.sh, it dies and tells me to run
> with the 'console' option. Then, I run with 'console,' and it runs
> fine. :)
>
> Any plans to do things like digest_md5 for sasl without having to use
> the key store?
>
> j
>
>>
>> - Chris
>>
>> On Tue, Sep 16, 2008 at 10:59 AM, Joshua J. Kugler
>>
>> <[EMAIL PROTECTED]> wrote:
>> > I've been connecting to an AD server via a Python script using SASL
>> > (Digest MD5), but no SSL. It works fine. But, in JXplorer, I
>> > there is no option to do SASL without SSL. Is there any way to do
>> > it?
>> >
>> > Or alternately, is there a way to get JXplorer to prompt for
>> > accepting the SSL certificate, since I don't have it yet?
>> >
>> > Thanks!
>> >
>> > j
>> >
>> > --
>> > Joshua Kugler
>> > Part-Time System Admin/Programmer
>> > http://www.eeinternet.com
>> > PGP Key: http://pgp.mit.edu/ ID 0xDB26D7CE
>> >
>> > -------------------------------------------------------------------
>> >------ This SF.Net email is sponsored by the Moblin Your Move
>> > Developer's challenge Build the coolest Linux based applications
>> > with Moblin SDK & win great prizes Grand prize is a trip for two to
>> > an Open Source event anywhere in the world
>> > http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> > _______________________________________________
>> > Jxplorer-users mailing list
>> > Jxplorer-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/jxplorer-users
>>
>> ---------------------------------------------------------------------
>>---- This SF.Net email is sponsored by the Moblin Your Move
>> Developer's challenge Build the coolest Linux based applications with
>> Moblin SDK & win great prizes Grand prize is a trip for two to an
>> Open Source event anywhere in the world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>> _______________________________________________
>> Jxplorer-users mailing list
>> Jxplorer-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/jxplorer-users
>>
>> !DSPAM:22,48cf23db38552057315837!
>
>
>
> --
> Joshua Kugler
> Part-Time System Admin/Programmer
> http://www.eeinternet.com
> PGP Key: http://pgp.mit.edu/ ID 0xDB26D7CE
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Jxplorer-users mailing list
> Jxplorer-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/jxplorer-users
>
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Jxplorer-users mailing list
Jxplorer-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jxplorer-users
