Re: CFLDAP socket closed error against SSL

2013-12-18 Thread Dave Watts
Used LDAP Browser and it fails with the following message: CA certificate is not in the server certificate chain So I've used the keytool to import all three: 1 - Comodo CA 2 - the intermediate/root cert of the server 3 - the cert of the server itself. Restarted and it still

CFLDAP socket closed error against SSL

2013-12-10 Thread Dan LeGate
Here's the weirdness I'm experiencing... I have a Custom Tag we've been using for years that is called from most of our applications and authenticates them to a Sun LDAP server. We are moving to an Active Directory service, and when I attempt to do a bind against the new system, I get: An

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread Dan LeGate
I take it back... exact same code EXCEPT my code outside the Custom Tag folder had excluded the PORT attribute, so I assume it was going to the non-SSL port and working fine. Once I added port = 636 to that code, exact same response: socket closed Again, the LDAPS (636) port is open to the

RE: CFLDAP socket closed error against SSL

2013-12-10 Thread Robert Harrison
Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_williams -Original Message- From: Dan LeGate [mailto:d...@legeek.com] Sent: Tuesday, December 10, 2013 3:50 PM To: cf-talk Subject: Re: CFLDAP socket closed error against SSL I take it back... exact

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread Russ Michaels
Have you imported the SSL into the key store? Russ Michaels www.michaels.me.uk cfmldeveloper.com cflive.net cfsearch.com On 10 Dec 2013 20:52, Dan LeGate d...@legeek.com wrote: I take it back... exact same code EXCEPT my code outside the Custom Tag folder had excluded the PORT attribute, so

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread Dan LeGate
No. How do we do that? Is it the individual server certificate(s) that we connect to that are put into the key store? Or a Certificate Authority certificate we need? Where is the key store on the CF Server and how do we manipulate it? Thanks, Dan On 12/10/2013 2:53 PM, Russ Michaels

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread Russ Michaels
easiest solution is to use this http://certman.riaforge.org/ On Tue, Dec 10, 2013 at 11:31 PM, Dan LeGate d...@legeek.com wrote: No. How do we do that? Is it the individual server certificate(s) that we connect to that are put into the key store? Or a Certificate Authority certificate

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread .jonah
That's only necessary if the certificate from the LDAP server isn't signed by a known CA. (e.g. it's self-signed.) If it is, you need to import the LDAP server's public key into your CF server's java keystore. I wrote up a doc on how to do it a while back:

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread .jonah
Nice! On 12/10/13 4:18 PM, Russ Michaels wrote: easiest solution is to use this http://certman.riaforge.org/ On Tue, Dec 10, 2013 at 11:31 PM, Dan LeGate d...@legeek.com wrote: No. How do we do that? Is it the individual server certificate(s) that we connect to that are put into the

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread Dan LeGate
Okay, so I looked up how to and used the following command syntax: C:\CFusion\runtime\jre\bin\keytool.exe -import -v -alias aliasname -file C:\temp\certfile.cer -keystore C:\CFusion\runtime\jre\lib\security\cacerts -storepass password which imported successfully (verified with the list

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread .jonah
Can you connect to it via any other tools on the CF box? If you have another client that might help determine whether it's a server/network issue or a CF/Java issue. On 12/10/13 4:19 PM, Dan LeGate wrote: Okay, so I looked up how to and used the following command syntax:

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread Dan LeGate
I've connected to the port using telnet and using a port scanner - both show the port is open. This is an LDAPS connection (port 636), so a standard web browser, or curl, etc., won't really work as a client, as far as I know. Dan On 12/10/2013 4:23 PM, .jonah wrote: Can you connect to it

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread Mahcsig
you can try ldap browser, http://www.ldapbrowser.com/download.htm?download=browser ~Mahcsig On Tue, Dec 10, 2013 at 4:32 PM, Dan LeGate d...@legeek.com wrote: I've connected to the port using telnet and using a port scanner - both show the port is open. This is an LDAPS connection (port

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread Dave Watts
That's only necessary if the certificate from the LDAP server isn't signed by a known CA. (e.g. it's self-signed.) ... or signed by a root CA that's not in the keystore - this happens fairly commonly in my experience. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/

Re: CFLDAP socket closed error against SSL

2013-12-10 Thread Dan LeGate
Used LDAP Browser and it fails with the following message: CA certificate is not in the server certificate chain So I've used the keytool to import all three: 1 - Comodo CA 2 - the intermediate/root cert of the server 3 - the cert of the server itself. Restarted and it still complains