I think that we did. We have a cacert.pem that is used by all the command line tools for that purpose. I think our problem is in the keystore/keymanager but I'm new to that part of Java so I'm having some difficulty verifying that it was done correctly. I'm saying "we" here because this code has been worked on by various members of the team over time (BTW).
So just to narrow down what to look at... if we have the cacert properly in the keystore then the Apache LDAP API will find it on its own, correct? On the LdapConnectionConfig we're setting setUseTls(). Do we also need to setTrustManagers() as well?

Thanks,
Frank

On Wed, Apr 6, 2016 at 5:23 PM, Lucas Theisen <lucasthei...@pastdev.com> wrote:
> Did you ensure that your Java trust store contains the certificate
> authority that signed your server certificate?
>
> On Apr 6, 2016 5:15 PM, "Frank Crow" <fjcrow2...@gmail.com> wrote:
> > Can anyone help me figure out how to debug this? I have an OpenLDAP
> > server on the backend and everything else (i.e., command line tools or C++
> > code) can connect to it with simple binds and TLS but our application with
> > the Apache LDAP API cannot.
> >
> > It always gives us "SSL Handshake failed" and this stack dump:
> >
> > > 2016-04-06 21:05:41,145 ERROR unable to bind connection: SSL handshake failed.
> > > 2016-04-06 21:05:41,145 DEBUG unable to bind connection:
> > > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> > >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4005)
> > >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1218)
> > >     at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1116)
> > >     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:127)
> > >     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112)
> > >     at org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory.bindConnection(DefaultLdapConnectionFactory.java:64)
> > >     at org.apache.directory.ldap.client.api.DefaultLdapConnectionFactory.newLdapConnection(DefaultLdapConnectionFactory.java:107)
> > >     at org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory.makeObject(ValidatingPoolableLdapConnectionFactory.java:129)
> > >     at org.apache.directory.ldap.client.api.ValidatingPoolableLdapConnectionFactory.makeObject(ValidatingPoolableLdapConnectionFactory.java:44)
> > >     at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1188)
> > >     at org.apache.directory.ldap.client.api.LdapConnectionPool.getConnection(LdapConnectionPool.java:123)
> > >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.search(LdapConnectionTemplate.java:666)
> > >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.searchFirst(LdapConnectionTemplate.java:607)
> > >     at org.apache.directory.ldap.client.template.LdapConnectionTemplate.searchFirst(LdapConnectionTemplate.java:581)
> > >     at csa.ums.ldap.wrapper.LdapWrapper$LdapConnectionMonitorWorker.run(Unknown Source)
> > >     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> > >     at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
> > >     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
> > >     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
> > >     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> > >     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> > >     at java.lang.Thread.run(Thread.java:745)
> > > 2016-04-06 21:05:41,146 WARN [LDAP Service Interruption] Connection to the LDAP server a22a1a19 failed:
> > > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> > > 2016-04-06 21:05:41,146 INFO [LDAP Service Interruption] Switching to server localhost
> > > 2016-04-06 21:05:41,148 DEBUG found X509TrustManager sun.security.ssl.X509TrustManagerImpl@32eabe1d
> > > 2016-04-06 21:05:41,148 DEBUG creating new connection template from connectionPool
> >
> > I can provide a clip of the code if necessary but I was hoping for methods
> > of debugging this ourselves.
> >
> > Thanks,
> > --
> > Frank
>
-- Frank
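The question in the thread is whether setUseTls() alone is enough or whether setTrustManagers() is also needed. The following is an added example, not code from the thread or from the Apache Directory project, showing the explicit route: the same cacert.pem bundle that the command-line tools use is parsed into an in-memory trust store, turned into JVM trust managers, and handed to LdapConnectionConfig, so the handshake succeeds only when the server's chain validates against that bundle. Host, port, bind DN, password and the PEM path are placeholders; the class and method names other than the Apache LDAP API and JDK calls are this example's own.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class LdapTlsTrustExample
{
    /**
     * Builds trust managers from a PEM bundle (for example the cacert.pem
     * used by the command-line tools). Every CERTIFICATE block in the file
     * becomes a trusted anchor in an in-memory KeyStore; nothing is written
     * to disk and the JVM's default cacerts file is not consulted.
     */
    static TrustManager[] trustManagersFromPem( String pemPath ) throws Exception
    {
        CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
        KeyStore trustStore = KeyStore.getInstance( KeyStore.getDefaultType() );
        trustStore.load( null, null ); // start from an empty store

        try ( InputStream in = new FileInputStream( pemPath ) )
        {
            // generateCertificates() parses a whole PEM bundle, not just the first entry
            Collection<? extends Certificate> cas = cf.generateCertificates( in );
            int n = 0;
            for ( Certificate ca : cas )
            {
                trustStore.setCertificateEntry( "ca-" + n++, ca );
            }
            if ( n == 0 )
            {
                // An empty trust store would reject every server; fail loudly instead
                throw new IllegalStateException( "no certificates found in " + pemPath );
            }
        }

        TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
        tmf.init( trustStore );
        return tmf.getTrustManagers();
    }

    public static void main( String[] args ) throws Exception
    {
        // Assumed values: replace with the real host, bind DN, password and PEM path
        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost( "ldap.example.com" );
        config.setLdapPort( 389 );

        // setUseTls(true) means StartTLS on the plain LDAP port (389).
        // For LDAPS on 636 use setUseSsl(true) instead; do not set both.
        config.setUseTls( true );

        // Explicit trust: the handshake succeeds only if the server's chain
        // validates against the CAs in cacert.pem
        config.setTrustManagers( trustManagersFromPem( "/etc/ssl/certs/cacert.pem" ) );

        config.setName( "cn=monitor,dc=example,dc=com" );
        config.setCredentials( "secret" );

        LdapNetworkConnection connection = new LdapNetworkConnection( config );
        try
        {
            connection.bind(); // simple bind, sent only after the TLS session is up
            System.out.println( "authenticated: " + connection.isAuthenticated() );
        }
        finally
        {
            connection.close();
        }
    }
}
```

Two checks go with this. Running the JVM with -Djavax.net.debug=ssl,handshake prints the trust anchors actually loaded and the exact alert that ends the handshake, which separates "wrong trust store" from "hostname or protocol mismatch". Confirming that the same bundle validates the server from the command line (for instance ldapsearch -ZZ with TLS_CACERT pointing at cacert.pem, which the thread says already works) rules the server side out. The API also ships a NoVerificationTrustManager that accepts any certificate; it makes the error disappear without fixing anything and has no place outside a throwaway test.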