I finally got the SSL communication working: I replaced the "$JAVAHOME/jre/lib/security/cacerts" of the client system with the "keystore" file used on the server (I changed its name to "cacerts"). Quick and dirty.

The issue now is that the client and the Orion server hang after the first context creation.

Here's the code - this object should be instantiated on demand by the client system:

Standalone application constructor:

    public PaymentProxy() {
        try {
            // Create access to the naming context.
            Context context = new InitialContext();

            // setup debugging level
            logging = (String)context.lookup("java:comp/env/logging.level");
            context.close();
        } catch(NamingException e) {
            log( e );
        }
    }

After leaving, Orion hangs completely (no more communication, no http, no console access).

I have no problem if I switch "jndi.properties" to http.

My system: jdk 1.2.2, red hat 6.2, orion 1.2.4

Bernard Sauterel

>>>>> >Hi,
>>>>> >
>>>>> >Thanks for the work. I'm in trouble connecting through SSL:
>>>>> >
>>>>> >output from my client application:
>>>>> >----------------------------------------------------------------
>>>>> >initializing context ...
>>>>> >
>>>>> >sauterel.shared.ldap.ProxyClient@2f70f477 - Communication error: Error
>>>>> >reading application-client descriptor: Error communicating with
>>>>> >server: Lookup error: javax.net.ssl.SSLException: untrusted server cert
>>>>> >chain; nested exception is:
>>>>> > javax.net.ssl.SSLException: untrusted server cert chain; nested
>>>>> >exception is:
>>>>> > javax.naming.NamingException: Lookup error:
>>>>> >javax.net.ssl.SSLException: untrusted server cert chain; nested exception
>>>>> >is:
>>>>> > javax.net.ssl.SSLException: untrusted server cert chain
>>>>> >
>>>>> >
>>>>> >jndi.properties:
>>>>> >----------------------------------------------------------------
>>>>> >java.naming.factory.initial=com.evermind.server.ApplicationClientInitialContextFactory
>>>>> >java.naming.provider.url=https:ormi://www.sauterel.net/ldap
>>>>> >java.naming.security.principal=admin
>>>>> >java.naming.security.credentials=123
>>>>> >
>>>>> >
>>>>> >The application works perfectly using http:ormi:... . Web site is
>>>>> >secured using a test cert (do I have to use an "official" cert?)
>>>>> >generated as described in your "SSL how to".
>>>>> >
>>>>> >Looking forward,
>>>>> >
>>>>> >Bernard Sauterel

+------------------+----------------------------+
| Bernard Sauterel | sauterel.net               |
+------------------+----------------------------+
email | [EMAIL PROTECTED]
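
The client in this thread has to trust the server's test certificate. As an added example (not part of the original post and not Orion code), the Java program below copies only the certificates from a server keystore into a separate client truststore, so private keys stay on the server and the JRE's `cacerts` is left untouched. The file arguments, the JKS store type and a JDK 7 or later are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example, not from the original post. Paths and store type are assumptions.
public class ExportTrustStore {

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java ExportTrustStore <server-keystore> <client-truststore>");
            System.exit(2);
        }
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from a terminal so passwords can be prompted");
        }
        char[] srcPass = console.readPassword("Server keystore password: ");
        char[] dstPass = console.readPassword("New truststore password: ");

        // Load the server keystore (assumed to be in JKS format).
        KeyStore server = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            server.load(in, srcPass);
        }

        // Start from an empty store: nothing is trusted except what is copied below.
        KeyStore trust = KeyStore.getInstance("JKS");
        trust.load(null, null);

        int copied = 0;
        for (String alias : Collections.list(server.aliases())) {
            // For a key entry this returns the first certificate of its chain;
            // the private key itself is never read or copied.
            Certificate cert = server.getCertificate(alias);
            if (cert != null) {
                trust.setCertificateEntry(alias, cert);
                copied++;
            }
        }
        if (copied == 0) {
            throw new IllegalStateException("no certificates found in " + args[0]);
        }
        try (FileOutputStream out = new FileOutputStream(args[1])) {
            trust.store(out, dstPass);
        }
        System.out.println("Wrote " + copied + " trusted certificate(s) to " + args[1]);
    }
}
```

Start the client with `-Djavax.net.ssl.trustStore=` pointing at the generated file so JSSE consults it instead of `cacerts`.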