I'm trying to install a TLS connection and I am finding the following exception:

    PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Hereinafter you can find the key installed on the cacerts keystore used by the JVM:

    Nome alias: dem
    Data di creazione: 3-apr-2017
    Tipo di voce: trustedCertEntry

    Proprietario: CN=localhost, OU=ApacheDS, O=ASF, C=US
    Autorità emittente: CN=localhost, OU=ApacheDS, O=ASF, C=US
    Numero di serie: 29e85549
    Valido da: Mon Apr 03 16:59:52 CEST 2017 a: Wed Apr 03 16:59:52 CEST 2019
    Impronte digitali certificato:
         MD5: 0D:56:E7:CF:68:6E:5D:5D:B2:CC:78:8C:E1:FA:DE:2A
         SHA1: 4E:BB:0D:3F:CC:EA:9F:89:70:79:A8:B9:8C:5A:98:E0:A9:8A:BB:E2
         SHA256: B0:45:C6:37:16:A4:79:7A:37:91:57:AE:DD:65:94:DE:BE:B0:05:AF:67:2F:DE:C6:60:00:73:34:7A:E5:58:A8
         Nome algoritmo firma: SHA256withRSA
         Versione: 3

    Estensioni:

    #1: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: E9 01 0A 4D 4C E6 2A B9 2D 27 14 5D 59 34 16 6B ...ML.*.-'.]Y4.k
    0010: A7 3A 0F 29 .:.)
    ]
    ]

Now you can find the key store used by ApacheDS from which I generated the previous key:

    Tipo keystore: JKS
    Provider keystore: SUN

    Il keystore contiene 1 voce

    Nome alias: dem
    Data di creazione: 3-apr-2017
    Tipo di voce: PrivateKeyEntry
    Lunghezza catena certificati: 1
    Certificato[1]:
    Proprietario: CN=localhost, OU=ApacheDS, O=ASF, C=US
    Autorità emittente: CN=localhost, OU=ApacheDS, O=ASF, C=US
    Numero di serie: 29e85549
    Valido da: Mon Apr 03 16:59:52 CEST 2017 a: Wed Apr 03 16:59:52 CEST 2019
    Impronte digitali certificato:
         MD5: 0D:56:E7:CF:68:6E:5D:5D:B2:CC:78:8C:E1:FA:DE:2A
         SHA1: 4E:BB:0D:3F:CC:EA:9F:89:70:79:A8:B9:8C:5A:98:E0:A9:8A:BB:E2
         SHA256: B0:45:C6:37:16:A4:79:7A:37:91:57:AE:DD:65:94:DE:BE:B0:05:AF:67:2F:DE:C6:60:00:73:34:7A:E5:58:A8
         Nome algoritmo firma: SHA256withRSA
         Versione: 3

    Estensioni:

    #1: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: E9 01 0A 4D 4C E6 2A B9 2D 27 14 5D 59 34 16 6B ...ML.*.-'.]Y4.k
    0010: A7 3A 0F 29 .:.)
    ]
    ]

Can you help me to understand why my client application does not work? It fails when it tries to negotiate. In the following you can find the code where the SW fails:

    tls = (StartTlsResponse) context.extendedOperation(new StartTlsRequest());
    SSLSession sess = tls.negotiate();

Any advice will be appreciated.

Regards
Pasquale

-----Original message-----
From: Emmanuel Lécharny [mailto:[email protected]]
Sent: Monday, 3 April 2017 14:08
To: Apache Directory Developers List
Subject: Re: R: R: R: Password policy retrieving problem

On 03/04/2017 at 12:13, Maiorano Pasquale wrote:
> My needs are the following:
> I do not have to set the psw policy by code. I set them by means of the
> directory studio. The psw policy are overall, valid for any entry. If the
> client sw tries to connect a user with a psw, and if I have set the psw
> policy as stated in the annexed image, the LDAP API raise an exception if,
> for instance, the psw is being expired?

The thing is: users don't set PP, they are subject to it. What will happen is that if an application is trying to bind on the LDAP server with the user credentials, and if the user's password has expired, then the bind will fail and a control will contain the cause of the failure. It's now up to the application to deal with this failure and control.

--
Emmanuel Lecharny
Symas.com
directory.apache.org
