Did you ensure that your Java trust store contains the certificate authority that signed your server certificate?

On Apr 6, 2016 5:15 PM, "Frank Crow" <[email protected]> wrote:
> Can anyone help me figure out how to debug this? I have an OpenLDAP
> server on the backend and everything else (i.e., command line tools or C++
> code) can connect to it with simple binds and TLS but our application with
> the Apache LDAP API cannot.
>
> It always gives us "SSL Handshake failed" and this stack dump:
>
> > 2016-04-06 21:05:41,145 ERROR unable to bind connection: SSL handshake failed.
> > 2016-04-06 21:05:41,145 DEBUG unable to bind connection:
> > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4005)
> >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1218)
> >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1116)
> >     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:127)
> >     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112)
> >     at org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory.bindConnection(DefaultLdapConnectionFactory.java:64)
> >     at org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory.newLdapConnection(DefaultLdapConnectionFactory.java:107)
> >     at org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory.makeObject(ValidatingPoolableLdapConnectionFactory.java:129)
> >     at org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory.makeObject(ValidatingPoolableLdapConnectionFactory.java:44)
> >     at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1188)
> >     at org.apache.directory.ldap.client.api.LdapConnectionPool.getConnection(LdapConnectionPool.java:123)
> >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.search(LdapConnectionTemplate.java:666)
> >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.searchFirst(LdapConnectionTemplate.java:607)
> >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.searchFirst(LdapConnectionTemplate.java:581)
> >     at csa.ums.ldap.wrapper.LdapWrapper$LdapConnectionMonitorWorker.run(Unknown Source)
> >     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> >     at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
> >     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
> >     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
> >     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> >     at java.lang.Thread.run(Thread.java:745)
> > 2016-04-06 21:05:41,146 WARN [LDAP Service Interruption] Connection to the LDAP server a22a1a19 failed: org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> > 2016-04-06 21:05:41,146 INFO [LDAP Service Interruption] Switching to server localhost
> > 2016-04-06 21:05:41,148 DEBUG found X509TrustManager sun.security.ssl.X509TrustManagerImpl@32eabe1d
> > 2016-04-06 21:05:41,148 DEBUG creating new connection template from connectionPool
>
> I can provide a clip of the code if necessary but I was hoping on methods
> of debugging this ourselves.
>
> Thanks,
> --
> Frank
>
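
The trust-store question asked at the top of this thread can be checked directly from the JVM. The following is an added example, not code from the thread or from the Apache LDAP API project; it assumes the application relies on the JVM default trust store, and the class name `TrustStoreCheck` and the certificate file argument are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class): reports whether a CA certificate is
// present in the JVM default trust store used for TLS server validation.
public class TrustStoreCheck {

    // Builds the default X509TrustManager: cacerts, or the store named by
    // -Djavax.net.ssl.trustStore when that system property is set.
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // True if caCert is byte-for-byte one of the issuers the manager accepts.
    static boolean isTrusted(X509TrustManager tm, X509Certificate caCert) {
        for (X509Certificate trusted : tm.getAcceptedIssuers()) {
            if (trusted.equals(caCert)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustStoreCheck <ca-cert.pem|.der>");
            System.exit(2);
        }
        X509Certificate ca; // the CA that signed the LDAP server certificate
        try (InputStream in = new FileInputStream(args[0])) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        System.out.println("CA subject: " + ca.getSubjectX500Principal());
        System.out.println(isTrusted(defaultTrustManager(), ca)
                ? "CA is in the trust store" : "CA is NOT in the trust store");
    }
}
```

Run it with the same JVM and the same `-Djavax.net.ssl.trustStore` setting as the application. Starting the application itself with `-Djavax.net.debug=ssl,handshake` additionally prints the handshake step at which certificate validation fails.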
