Hi William,
William Wilkins wrote:
I am attempting to enable ldaps using the apacheds 1.5.5 revision
725332. I am unsure of where to specify the external keystore file I
would like to use for secure authentication. The 1.0 branch used spring
with the MutableServerConfuration bean but I cannot find where that
should be set in the 1.5 branch. The apacheds server seems to have a
TlsKeyGenerator now but it does not seem to be configurable outside of
the source code.
In 1.5, ApacheDS creates a Key Pair when it starts the first time, and
stores it in the DIT.
To be more concrete, the keys are stored in the entry uid=admin,ou=system.
It is possible to change the values, but unfortunately, there is no
tooling to support you here.
Does apacheds only support its own keypair sets now? If no, where do I
specify my own keystore files? If yes, do I have to edit the source to
adjust the key generator parameters or is there an xbean adjustment for
them?
Currently, I assume yes. Does anybody know it better on the list?
Assuming the server generates the keypair the wrapper.log shows that the
ldaps service is started but then I receive the following error.
WARN [org.apache.directory.server.ldap.LdapProtocolHandler] -
[/127.0.0.1:33393] Unexpected exception forcing session to close:
sending disconnect notice to client.
javax.net.ssl.SSLHandshakeException: SSL handshake failed. at
org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
at ...
The SSL message exception leads me to think the server doesn't generate
certificates needed for encryption which brings up the question of why
should the ldaps service start if it is unable to be utilized?
I assume the error occurs because the client does not trust the
certificate the server creates.
At least I am able to connect to my 1.5.4 server with SSL; if I use a
client which does not trust the certificate, I get the same error.
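As an added example (not code from this thread or from the ApacheDS project), a small Java client that checks the diagnosis given in the reply: it performs a TLS handshake against the LDAPS port first with the JVM's default trust store and then with an explicit JKS truststore that holds the server's certificate. Host, port, truststore path and password are assumptions to adjust for your setup.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class LdapsTrustCheck {
    // Assumed values: the ApacheDS host and its LDAPS port.
    static final String HOST = "localhost";
    static final int PORT = 636;

    /** Build an SSLContext whose trust anchors come from a JKS truststore (null = JVM default cacerts). */
    static SSLContext contextFor(String truststorePath, char[] password) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        if (truststorePath == null) {
            tmf.init((KeyStore) null);               // use the JVM default trust store
        } else {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream in = new FileInputStream(truststorePath)) {
                ks.load(in, password);               // truststore that contains the server cert
            }
            tmf.init(ks);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Try a TLS handshake with the LDAPS port; returns null on success, otherwise the failure reason. */
    static String handshake(SSLContext ctx, String host, int port) {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS"); // also verify the cert matches the host name
            s.setSSLParameters(p);
            s.startHandshake();
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("Handshake OK, server cert subject: " + leaf.getSubjectX500Principal());
            return null;
        } catch (SSLHandshakeException e) {
            // Expected with the auto-generated server cert when the client has no trust anchor for it
            return "SSLHandshakeException: " + e.getMessage();
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String truststore = args.length > 0 ? args[0] : null;          // assumed: path to a JKS truststore
        char[] pw = args.length > 1 ? args[1].toCharArray() : null;
        String r1 = handshake(contextFor(null, null), HOST, PORT);
        System.out.println("default trust store -> " + (r1 == null ? "trusted" : r1));
        if (truststore != null) {
            String r2 = handshake(contextFor(truststore, pw), HOST, PORT);
            System.out.println("explicit truststore -> " + (r2 == null ? "trusted" : r2));
        }
    }
}
```

If the first run fails with a handshake exception and the second succeeds, the server is offering a certificate and the only problem is client trust, which matches the reply above.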