Did you find a way to get around this error?

On Friday, April 7, 2017 at 11:56:11 AM UTC+8, Marcio Gomes wrote:
>
> Hello guys,
> I am setting up CAS5.x LDAP with SSL. The LDAP server is configured with
> an SSL certificate. The certificate's CN is not the same as the LDAP server's hostname.
> So, we got the error:
> java.security.cert.CertificateException: Hostname '[ldapserver]' does not match the hostname in the server's certificate 'CN=anotherldapserver, O=ORG, C=JP'
>     at org.ldaptive.ssl.HostnameVerifyingTrustManager.checkCertificateTrusted(HostnameVerifyingTrustManager.java:79) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.ssl.HostnameVerifyingTrustManager.checkServerTrusted(HostnameVerifyingTrustManager.java:55) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.ssl.AggregateTrustManager.checkServerTrusted(AggregateTrustManager.java:107) ~[ldaptive-1.2.0.jar:?]
>     at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922) ~[?:1.8.0_92]
>     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[?:1.8.0_92]
>     at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_92]
>     at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_92]
>     at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_92]
>     at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:1.8.0_92]
>     at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_92]
>     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_92]
>     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.Connection.<init>(Connection.java:203) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[?:1.8.0_92]
>     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[?:1.8.0_92]
>     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[?:1.8.0_92]
>     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:1.8.0_92]
>     at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:1.8.0_92]
>     at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[?:1.8.0_92]
>     at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:87) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:21) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.provider.AbstractProviderConnectionFactory.create(AbstractProviderConnectionFactory.java:84) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.DefaultConnectionFactory$DefaultConnection.open(DefaultConnectionFactory.java:267) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:437) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:476) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:326) ~[ldaptive-1.2.0.jar:?]
>     at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:235) ~[ldaptive-1.2.0.jar:?]
>     at org.apereo.cas.configuration.support.Beans.newBlockingConnectionPool(Beans.java:400) ~[cas-server-core-configuration-5.0.3.1.jar:5.0.3.1]
>     at org.apereo.cas.configuration.support.Beans.newPooledConnectionFactory(Beans.java:411) ~[cas-server-core-configuration-5.0.3.1.jar:5.0.3.1]
>     at org.apereo.cas.adaptors.ldap.services.config.LdapServiceRegistryConfiguration.ldapServiceRegistryDao(LdapServiceRegistryConfiguration.java:44)
>
> I tried to insert into the deployerConfigContext.xml file:
> <bean id="sslConfig"
>       class="org.ldaptive.ssl.SslConfig">
>     <constructor-arg ref="defaultTrustManager"/>
> </bean>
> <bean id="defaultTrustManager"
>       class="org.ldaptive.ssl.DefaultTrustManager" />
>
> But it didn't work :(
>
> Can you help me connect to this LDAP server with SSL?
>
> thanks
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.