On Fri, May 28, 2010 at 9:39 AM, s g <[email protected]> wrote:

>
>> javax.naming.CommunicationException: simple bind failed:
>> vcheung-181.lab.xxxx.net:636 [Root exception is
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: Netscape cert type does not
>> permit use for SSL server]
>>      at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
>>      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2658)
>>      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
>>
>
You probably have your certs round the wrong way. The server cert (on the
ldap server) should have the 'SSL Server' usage flag; the client cert (on the
ldap client) should have the 'SSL Client' usage flag.

The usage flags are embedded when you make the csr (certificate request)
which will then usually be reflected in the generated certificate, unless
your CA overrides them.

Do an "openssl x509 -in <cert file> -noout -text" to compare the two
certificates.

Cheers
Brett
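A script along the lines of Brett's check, added here as an example and not taken from the thread: it reads the text produced by "openssl x509 -in <cert file> -noout -text" and reports whether the Netscape Cert Type and Extended Key Usage extensions permit the role (server or client) the certificate is deployed in. The function and variable names are the example's own, and the extension sections used as samples are constructed, not dumped from a real certificate.

```shell
# ext_value <extension header> <x509 text dump>
# Prints the value line that follows the header in "openssl x509 -text" output
# (e.g. "SSL Server, S/MIME" under "Netscape Cert Type:"); prints nothing if absent.
ext_value() {
    found=0
    printf '%s\n' "$2" | while IFS= read -r line; do
        if [ "$found" = 1 ]; then printf '%s\n' "$line"; break; fi
        case "$line" in *"$1"*) found=1 ;; esac
    done
}

# cert_role_ok <server|client> <x509 text dump>
# Exit status: 0 = every usage extension present permits the role,
#              1 = an extension forbids it (the validator error in the thread),
#              2 = neither extension is present, so they do not restrict the role.
cert_role_ok() {
    case "$1" in
        server) ns="SSL Server"; eku="TLS Web Server Authentication" ;;
        client) ns="SSL Client"; eku="TLS Web Client Authentication" ;;
        *) echo "usage: cert_role_ok server|client <dump>" >&2; return 2 ;;
    esac
    ns_line=$(ext_value "Netscape Cert Type:" "$2")
    eku_line=$(ext_value "X509v3 Extended Key Usage:" "$2")
    if [ -z "$ns_line" ] && [ -z "$eku_line" ]; then return 2; fi
    if [ -n "$ns_line" ]; then
        case "$ns_line" in *"$ns"*) ;; *) return 1 ;; esac
    fi
    if [ -n "$eku_line" ]; then
        case "$eku_line" in *"$eku"*) ;; *) return 1 ;; esac
    fi
    return 0
}

# check_cert_file <server|client> <cert file>: the same test run on a file,
# using the openssl command from the thread.
check_cert_file() {
    cert_role_ok "$1" "$(openssl x509 -in "$2" -noout -text)"
}

# Constructed samples (not real certificates): extension sections as openssl prints them.
SAMPLE_CLIENT_ONLY='            Netscape Cert Type:
                SSL Client, S/MIME
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, E-mail Protection'
SAMPLE_SERVER='            Netscape Cert Type:
                SSL Server
            X509v3 Extended Key Usage:
                TLS Web Server Authentication'
SAMPLE_NO_USAGE='            X509v3 Basic Constraints:
                CA:FALSE'
```

Running "check_cert_file server /path/to/ldap-server.pem" on the certificate installed on the LDAP server should exit 0; a client-only certificate like SAMPLE_CLIENT_ONLY exits 1 for the server role, which is the situation the stack trace above reports.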
