Did you look in the jre? If you are using a JDK then the file would be: \jdk1.6.0_14\jre\lib\security\cacerts
-jim Jim Willeke On Fri, Oct 9, 2009 at 5:51 AM, anilkumarkatta <[email protected]>wrote: > > > Hi All > > Thanks for you replies. > > I have tried installing the ssl for the url. but same issue. > > I took some time to check how the existing url's ssl is done in keystore.. > but find nothing in java_home/lib/security. > > how this can be no ssl certifcates in keystore? > > if they keystore is exists in app level where does it saved in application > > Thanks again for the replies. > > -Anil > > > Andrew Jaquith-4 wrote: > > > > You are pretty new to this whole Java thing aren't you? > > > > It appears that 1) your LDAP server requires SSL (a good thing!) and > > that 2) your LDAP's SSL certificate is self-signed and therefore not > > trusted. > > > > Java keeps an internal list of SSL certs it trusts. Your self-signed > > CA is not one of them. You need to add the SSL certificate CA (that > > is, the self-signed root) to your local JSSE trusted certificate > > store. This is at $JAVA_HOME/lib/security/cacerts. > > > > The Java command line tool "keytool" can do this. You can also use my > > SSLHelper class, part of my freshcookies-security.jar that ships with > > JSPWiki. Indeed, I wrote it for just this situation. See the docs at > > freshcookies.org > > for details. > > > > With either aproach, you will need appprpriate admin rights to modify > > the truststore. > > > > Andrew > > > > On Oct 6, 2009, at 8:29, anilkumarkatta <[email protected]> > > wrote: > > > >> > >> > >> ....contd. > >> Caused by: javax.net.ssl.SSLHandshakeException: > >> sun.security.validator.ValidatorException: PKIX path building failed: > >> sun.security.provider.certpath.SunCertPathBuilderException: unable > >> to find > >> valid certification path to requested target > >> > >> > >> anilkumarkatta wrote: > >>> > >>> Hi All > >>> > >>> I have tried to authenticate via LDAP server with all the > >>> configuration > >>> procedure explained in the URL > >>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP > >>> with a user provided LDAP settings, I got firewall team to get the > >>> secure > >>> port open from where application is talking to the LDAP. > >>> > >>> i am getting this exception while start of the application > >>> > >>> > >>> 2009-10-06 22:14:04,581 [Thread-2] INFO > >>> org.apache.catalina.tribes.membership.McastService - Done sleeping, > >>> membership established, start level:4 > >>> 2009-10-06 22:14:04,581 [Thread-2] INFO > >>> org.apache.catalina.tribes.membership.McastService - Sleeping for > >>> 1000 > >>> milliseconds to establish cluster membership, start level:8 > >>> 2009-10-06 22:14:05,581 [Thread-2] INFO > >>> org.apache.catalina.tribes.membership.McastService - Done sleeping, > >>> membership established, start level:8 > >>> 2009-10-06 22:14:06,144 [Thread-2] WARN > >>> org.apache.catalina.core.ContainerBase.[Catalina] - Exception > >>> performing > >>> authentication > >>> javax.naming.CommunicationException: simple bind failed: > >>> ARTE001.MYDOMAIN.AK.com:636 [Root exception is > >>> javax.net.ssl.SSLHandshakeException: > >>> sun.security.validator.ValidatorException: PKIX path building failed: > >>> sun.security.provider.certpath.SunCertPathBuilderException: unable > >>> to find > >>> valid certification path to requested target] > >>> at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source) > >>> at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) > >>> at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source) > >>> > >>> > >>> where as when I place other deatails of the LDAP its working fine. > >>> does this required any cerification files like .jks files.. if so > >>> where > >>> shall I place them? > >>> > >>> your replies are most welcome > >>> > >>> Regards, > >>> -Anil Katta > >>> > >> > >> -- > >> View this message in context: > >> > http://www.nabble.com/Web-Container-Authentication-Via-LDAP-tp25767713p25767801.html > >> Sent from the JspWiki - User mailing list archive at Nabble.com. > >> > > > > > > -- > View this message in context: > http://www.nabble.com/Web-Container-Authentication-Via-LDAP-tp25767713p25818421.html > Sent from the JspWiki - User mailing list archive at Nabble.com. > >
