--- Emmanuel Lecharny <[EMAIL PROTECTED]> wrote:

> Seems to be a known problem with Outlook:
>
> http://www.openldap.org/lists/openldap-software/200204/msg00723.html

Well, what do you know - the second issue is also a
quirk in Outlook (any version). The problem was
that the SSL certificate has to match the hostname
exactly - if it is empty or you do not connect using
the DNS name, Outlook will simply refuse the
connection even if the cert itself is trusted.
Great - so what I did for testing was just edit my
hosts file and point the IP of the ApacheDS to the
"right" DNS name.

BTW: In the 1.5.2 API I didn't find an easy way to
change the SSL certificate (previously a
setCertificateFile etc. existed) - so I did the
following - is this the intended way currently?
In essence I always modify the admin attribute at
server startup:

EntryOperationContext adminEntry = new EntryOperationContext(
        directoryService.getRegistries(), PartitionNexus.getAdminName());

KeyStore store = ...
KeyPair keyPair = ...

Attributes entry = new BasicAttributes();

// Private key: algorithm, encoded bytes and encoding format
PrivateKey privateKey = keyPair.getPrivate();
entry.put(TlsKeyGenerator.KEY_ALGORITHM_AT, privateKey.getAlgorithm());
entry.put(TlsKeyGenerator.PRIVATE_KEY_AT, privateKey.getEncoded());
entry.put(TlsKeyGenerator.PRIVATE_KEY_FORMAT_AT, privateKey.getFormat());

// Public key: encoded bytes and encoding format
PublicKey publicKey = keyPair.getPublic();
entry.put(TlsKeyGenerator.PUBLIC_KEY_AT, publicKey.getEncoded());
entry.put(TlsKeyGenerator.PUBLIC_KEY_FORMAT_AT, publicKey.getFormat());

// Certificate taken from the key store under the given alias
Certificate cert = store.getCertificate(alias);
entry.put(TlsKeyGenerator.USER_CERTIFICATE_AT, cert.getEncoded());

// Replace the TLS attributes on the admin entry
List<Modification> items = ModifyOperationContext.createModItems(
        ServerEntryUtils.toServerEntry(entry, PartitionNexus.getAdminName(),
                directoryService.getRegistries()),
        ModificationOperation.REPLACE_ATTRIBUTE);

directoryService.getPartitionNexus().modify(
        new ModifyOperationContext(directoryService.getRegistries(),
                PartitionNexus.getAdminName(), items));


Thanks
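
The hostname rule described in the message above, as an added example (not code from the original post or from ApacheDS): a pre-flight check that the names in a certificate cover the DNS name clients connect with, run before the certificate is written to the admin entry. The class name, the sample names and the wildcard case are assumptions; the wildcard handling is the general matching rule and goes beyond the exact-match case in the post.

```java
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CertNameCheck {
    /** DNS names a client can match: subjectAltName dNSName entries, else the subject CN. */
    static List<String> dnsNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when absent
        if (sans != null)
            for (List<?> san : sans)
                if (((Integer) san.get(0)) == 2) names.add((String) san.get(1)); // 2 = dNSName
        if (names.isEmpty())
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
                if (rdn.getType().equalsIgnoreCase("CN")) names.add(rdn.getValue().toString());
        return names;
    }

    /** True if the name the client connects with is covered by one of the certificate names. */
    static boolean matches(String connectName, List<String> certNames) {
        String host = connectName.toLowerCase(Locale.ROOT);
        for (String n : certNames) {
            String name = n.toLowerCase(Locale.ROOT);
            if (name.equals(host)) return true;
            // A wildcard covers exactly one left-most label: *.example.com and ldap.example.com
            if (name.startsWith("*.") && host.indexOf('.') > 0
                    && host.substring(host.indexOf('.')).equals(name.substring(1))) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        List<String> names = List.of("ldap.example.com"); // constructed sample certificate names
        System.out.println(matches("ldap.example.com", names)); // connecting by the DNS name
        System.out.println(matches("LDAP.Example.COM", names)); // same name, different case
        System.out.println(matches("192.0.2.10", names));       // connecting by raw IP address
        System.out.println(matches("ldap", names));             // connecting by short name
        System.out.println(matches("a.example.com", List.of("*.example.com"))); // wildcard cert
        System.out.println(matches("a.example.com", List.of())); // certificate with no names
    }
}
```

With a real certificate, pass the result of dnsNames((X509Certificate) store.getCertificate(alias)) as the second argument to matches.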


      