That's only necessary if the certificate from the LDAP server isn't signed by a known CA. (e.g. it's self-signed.)
If it is, you need to import the LDAP server's public key into your CF server's java keystore. I wrote up a doc on how to do it a while back: https://docs.google.com/document/d/12Ef1SwddMh0oO11TS3lt5E8VGiVCsdI8WmYn8qQLW4c/edit?usp=sharing On 12/10/13 3:31 PM, Dan LeGate wrote: > No. How do we do that? > > Is it the individual server certificate(s) that we connect to that are > put into the key store? > > Or a Certificate Authority certificate we need? > > Where is the key store on the CF Server and how do we manipulate it? > > Thanks, > > Dan > > On 12/10/2013 2:53 PM, Russ Michaels wrote: >> Have u imported the ssl into the key store? >> >> Russ Michaels >> www.michaels.me.uk >> cfmldeveloper.com >> cflive.net >> cfsearch.com >> On 10 Dec 2013 20:52, "Dan LeGate"<d...@legeek.com> wrote: >> >>> I take it back... exact same code EXCEPT my code in outside the Custom >>> Tag folder had excluded the PORT attribute, so I assume it was going to >>> the non-SSL port and working fine. >>> >>> Once I added port = "636" to that code, exact same response: socket closed >>> >>> Again, the LDAPS (636) port is open to the ColdFusion server. >>> >>> I'm thinking it's an SSL issue. What steps need to be taken to ensure >>> LDAPS communication works? >>> >>> Thanks! >>> >>> Dan >>> >>> On 12/10/2013 12:36 PM, Dan LeGate wrote: >>>> Here's the weirdness I'm experiencing... >>>> >>>> I have a Custom Tag we've been using for years that is called from most >>>> of our applications and authenticates them to a Sun LDAP server. >>>> >>>> We are moving to an Active Directory service, and when I attempt to do a >>>> bind against the new system, I get: >>>> >>>> An error has occurred while trying to execute query :servername.com:636; >>>> socket closed. >>>> >>>> However, if I run that SAME cfldap command in a .cfm file out in a >>>> regular web folder (i.e. not as a Custom Tag under the ColdFusion >>>> directory), it works fine! >>>> >>>> I have restarted the server to make sure any old Custom Tag code isn't >>>> somehow cached. I have verified the SSL (636) port is open to the CF >>>> server. >>>> >>>> Any ideas on this one? Very confused by this. >>>> >>>> Thanks for any feedback! >>>> >>>> Dan >>>> >>>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357336 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
