it means the authentication provider does not support the authentication algorithm you selected list out the contents of your keystore http://download-llnw.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html
you may be better off creating new keys and be sure you identify only the encryption algo the provider supports Martin Gainty ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Sun, 15 Aug 2010 14:14:55 +0000 > From: i.ga...@brainsware.org > To: users@tomcat.apache.org > Subject: JNDI: LDAPv3 with StartTLS > > > Hi folks, > > I'm running Hudson in Tomcat 6.0.29 on Debian/Squeeze/amd64 with > > i.ga...@pheme /opt/tomcat6 % java -version > java version "1.6.0_18" > OpenJDK Runtime Environment (IcedTea6 1.8) (6b18-1.8-1) > OpenJDK 64-Bit Server VM (build 14.0-b16, mixed mode) > > I'm starting the server with: > CATALINA_OPTS-"-Djava.awt.headless=true -Djavax.net.debug=ssl:handshake > -DHUDSON_HOME=${CATALINA_HOME}/webapps/hudson -Xmx512m" > > In server.xml's Engine context there is a single JNDI Realm configured: > > <Engine name="Catalina" defaultHost="localhost"> > > <Realm className="org.apache.catalina.realm.JNDIRealm" > connectionURL="ldap://mail.brainsware.org:389/" > alternateURL="ldap://mail.esotericsystems.at:389" > commonRole="admin" connectionName="uid=whatever" > connectionPassword="securityisgreat." > userBase="ou=people,dc=brainsware,dc=org" > userPattern="(uid={0})(postOfficeBox=internal_projects)" > userSearch="(uid={0})" /> > > The LDAP server I'm connecting to is Zimbra (OpenLDAP), and requires > StartTLS. It has a valid Certificate, signed by Go Daddy. > I've made sure that all parts of Go Daddy's chain are in the JVM's cacerts. > > When starting the server, I see this in the log: > > INFO: Starting Servlet Engine: Apache Tomcat/6.0.29 > Aug 15, 2010 2:04:18 PM org.apache.catalina.realm.JNDIRealm open > WARNING: Exception performing authentication > javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - > confidentiality required] > at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3023) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780) > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694) > at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:306) > at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) > at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) > at > com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) > at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) > at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) > at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) > at javax.naming.InitialContext.init(InitialContext.java:240) > at javax.naming.InitialContext.<init>(InitialContext.java:214) > at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:99) > at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:1954) > at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:2045) > at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1037) > at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445) > at org.apache.catalina.core.StandardService.start(StandardService.java:519) > at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) > at org.apache.catalina.startup.Catalina.start(Catalina.java:581) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:616) > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) > > > I've traced the operation with wireshark only to find it's not even trying to > do any kind of SASL negotiation. > That seems weird, since: > http://www.java2s.com/Open-Source/Java-Document/6.0-JDK-Modules-com.sun/jndi/com/sun/jndi/ldap/LdapClient.java.htm > suggests it should be doing that by default. > > I'm out ideas now. and welcome any advise you can offer. > > So long o/~ > -- > Igor Galić > > Tel: +43 (0) 664 886 22 883 > Mail: i.ga...@brainsware.org > URL: http://brainsware.org/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >