Hi, I'm wondering if someone can shed a light if it is possible to run ApacheDS by using Keystore that have multiple entries.
Previously I have it set up using self-signed which works fine but my colleague give me an existing Keystore that have company's wildcard certificate + chain. I got error message [19:55:06] ERROR [org.apache.directory.server.UberjarMain] - Failed to start the service. java.security.KeyStoreException: Key store contains more than one entry at org.apache.directory.server.ldap.LdapServer.loadKeyStore(LdapServer.java:413) at org.apache.directory.server.ldap.LdapServer.start(LdapServer.java:509) at org.apache.directory.server.ApacheDsService.startLdap(ApacheDsService.java:423) at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:200) at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:152) at org.apache.directory.server.UberjarMain.start(UberjarMain.java:151) at org.apache.directory.server.UberjarMain.main(UberjarMain.java:77) I thought I could get it working by simply removing the certificate chain, but apparently it doesn't work as well [19:58:28] ERROR [org.apache.directory.server.UberjarMain] - Failed to start the service. java.security.UnrecoverableKeyException: Cannot recover key at sun.security.provider.KeyProtector.recover(KeyProtector.java:328) at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138) at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55) at java.security.KeyStore.getKey(KeyStore.java:804) at org.apache.directory.server.ldap.LdapServer.loadKeyStore(LdapServer.java:423) at org.apache.directory.server.ldap.LdapServer.start(LdapServer.java:509) at org.apache.directory.server.ApacheDsService.startLdap(ApacheDsService.java:423) at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:200) at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:152) at org.apache.directory.server.UberjarMain.start(UberjarMain.java:151) at org.apache.directory.server.UberjarMain.main(UberjarMain.java:77) So, if it is not possible what is the best way to use SSL certificate for ApacheDS ? I try to follow instruction from the ApacheDS site but it seems like it concentrate mainly on the self-signed certificate. If someone can give me pointer would be great. Regards, Johanes
