I am attempting to enable ldaps using the apacheds 1.5.5 revision
725332. I am unsure of where to specify the external keystore file I
would like to use for secure authentication. The 1.0 branch used spring
with the MutableServerConfiguration bean, but I cannot find where that
should be set in the 1.5 branch. The apacheds server seems to have a
TlsKeyGenerator now, but it does not seem to be configurable outside of
the source code.
Does apacheds only support its own keypair sets now? If no, where do I
specify my own keystore files? If yes, do I have to edit the source to
adjust the key generator parameters, or is there an xbean adjustment for
them?
Assuming the server generates the keypair, the wrapper.log shows that the
ldaps service is started, but then I receive the following error.
WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - [/127.0.0.1:33393] Unexpected exception forcing session to close: sending disconnect notice to client.
javax.net.ssl.SSLHandshakeException: SSL handshake failed.
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
    at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:220)
    at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:264)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
    at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:152)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:754)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:669)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:657)
    at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:613)
    at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493)
    at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
    at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
    ... 8 more
The SSL message exception leads me to think the server doesn't generate
the certificates needed for encryption, which brings up the question of why
the ldaps service should start if it is unable to be utilized?
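An added diagnostic (not part of this post and not ApacheDS code) for the "Unrecognized SSL message, plaintext connection?" failure above: the JSSE engine raises it when the first bytes on the ldaps port are not a TLS (or SSLv2-style) record header, which is what happens when a client sends a plaintext LDAP PDU to port 636. The classifier below tells the two apart from the leading bytes, and probe_ldaps opens a real TLS session to confirm the listener actually speaks TLS; host, port and the sample byte strings are constructed assumptions.

```python
import socket
import ssl
from typing import Optional

# Constructed samples of what a client's first bytes on an ldaps port can look like.
# TLS record header: content type 0x16 (handshake), legacy version 0x03 0x01, length, then ClientHello.
TLS_CLIENT_HELLO_PREFIX = bytes.fromhex("160301003e0100003a0301")
# Plaintext LDAP anonymous simple bind, BER-encoded:
# SEQUENCE { messageID 1, BindRequest { version 3, name "", simple "" } }
LDAP_PLAINTEXT_BIND = bytes.fromhex("300c020101600702010304008000")


def classify_first_record(data: bytes) -> str:
    """Classify the opening bytes a server saw on its ldaps port.

    'tls'            -> a TLS record (what the SSL filter expects)
    'sslv2-hello'    -> an SSLv2-compatible ClientHello (older JSSE clients)
    'ldap-plaintext' -> an unencrypted LDAPMessage (BER SEQUENCE, tag 0x30),
                        i.e. a client that connected with ldap:// instead of ldaps://
    """
    if len(data) < 3:
        return "too-short"
    # TLS content types 0x14..0x17, followed by major version 0x03 and minor 0x00..0x03.
    if 0x14 <= data[0] <= 0x17 and data[1] == 0x03 and data[2] <= 0x03:
        return "tls"
    # SSLv2 record: high bit of the first length byte set, message type 0x01 = CLIENT-HELLO.
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-hello"
    if data[0] == 0x30:
        return "ldap-plaintext"
    return "unknown"


def probe_ldaps(host: str, port: int = 636, timeout: float = 5.0) -> Optional[str]:
    """Complete a TLS handshake against host:port and return the negotiated
    protocol version, or None if the handshake fails.

    Certificate verification is switched off on purpose so a server running with
    a self-signed, generated certificate can still be inspected; do not reuse
    this context for real clients."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (OSError, ssl.SSLError):
        return None
```

If probe_ldaps succeeds while an application client still fails, the client is either sending plaintext to the TLS port or rejecting the server's certificate; the "plaintext connection?" trace above only matches the first case.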