Hi Chris, how are you? I am sorry by my delay...I am testing that you told me. Please, let test again in order to see if I can solve the issue. I will let you know. Thanks a lot and have a good weekend... Jesus Ostos.
-----Mensaje original----- De: Chris Selwyn [mailto:ch...@selwyn-family.me.uk] Enviado el: Friday, August 06, 2010 11:20 AM Para: jxplorer-users@lists.sourceforge.net Asunto: Re: [Jxplorer-users] Please help... Trying to get mutual SSL authentication to work Unfortunately, the answer appears to be "no". As far as I can tell the only way the JXplorer uses the client keystore when SSL+SASL is selected. It doesn't seem to be allow the client keystore to be used in the "SSL + anonymous" case... Is this true? The directory that I am connecting to uses mutual authentication at the SSL level but does not use SASL to identify to the directory who is connecting... connection at the directory level is done anonymously. Can someone please conform whether or not my findings are true and whether or not it is possible to get JXplorer to allow the client keystore to be used in the "SSL + anonymous" case. Chris On 05/08/2010 22:36, Chris Selwyn wrote: > I think I worked it out... > > I think I need to use Level = "SSL + SASL + Keystore password"... correct? > > Chris > > On 05/08/2010 20:33, Chris Selwyn wrote: >> I am using JXplorer 3.2.1 >> >> I have been trying to get a connection to an LDAP server working that >> requires mutual SSL authentication. >> >> I have set the Level to "SSL + Anonymous". >> Using truss on Solaris, I can see JXplorer loading the cacerts file but >> I cannot see it loading the clientcerts file. >> When I try the connect, I get a "Received fatal alert: bad_certificate". >> I have looked at the log that is generated when I set >> "javax.net.debug=all" and I can see that the client is not sending a >> certificate chain in response to the ServerHelloDone. >> It appears to be ignoring the option.ssl.clientcerts completely. >> >> Is there something that I am missing to cause the clientcerts file to >> get loaded and hence a client certificate to be sent? >> >> Chris Selwyn >> >> >> ---------------------------------------------------------------------------- -- >> This SF.net email is sponsored by >> >> Make an app they can't live without >> Enter the BlackBerry Developer Challenge >> http://p.sf.net/sfu/RIM-dev2dev >> _______________________________________________ >> Jxplorer-users mailing list >> Jxplorer-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/jxplorer-users > ---------------------------------------------------------------------------- -- > This SF.net email is sponsored by > > Make an app they can't live without > Enter the BlackBerry Developer Challenge > http://p.sf.net/sfu/RIM-dev2dev > _______________________________________________ > Jxplorer-users mailing list > Jxplorer-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/jxplorer-users ---------------------------------------------------------------------------- -- This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Jxplorer-users mailing list Jxplorer-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jxplorer-users ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Jxplorer-users mailing list Jxplorer-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jxplorer-users