  • SSLHandshakeException

    Hello,

    I dropped the spring-security-samples-ldap-2.0.5 into the webapps directory of Tomcat 6.0 today and the sample came right up. Next I imported the sample's users.ldif file into an instance of Apache Directory Studio using the Apache Directory Suite so I could use a standalone LDAP server. I then updated the sample's applicationContext-security.xml file to point the ApacheDS server (ldaps://localhost:10686/dc=example,dc=com) to have it use the standalone LDAP server instead of the embedded one. After validating that this configuration worked, I added 'requires-channel="https"' to the intercept-url to force the sample to use https for the "/secure/**" and "/secure/extreme/**" urls and I created a keystore for Tomcat using the keytool. It almost worked.

    The opening page comes up in http mode and then switches to https after I select the "Secure Page" link as expected. The process blows up however after I enter the user name and password. I am getting the following error:

    Reason: simple bind failed: localhost:10686; nested exception is javax.naming.CommunicationException: simple bind failed: localhost:10686 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]; nested exception is org.springframework.ldap.CommunicationException: simple bind failed: localhost:10686; nested exception is javax.naming.CommunicationException: simple bind failed: localhost:10686 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

    I would greatly appreciate any help and/or pointers to documentation that can help.

    Regards,

    Mark

  • #2
    Looks like your LDAP client (Tomcat) isn't happy to accept the SSL certificate from your LDAP server. You need to check the CA certificates in the truststore and make sure they include the one used to sign your LDAP server certificate. It's basically a matter of debugging things at the SSL level though, and nothing to do with Spring Security.

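An added diagnostic for the check #2 describes (example code, not from this thread or the Spring Security project): it fetches the chain the LDAPS server presents and runs the JDK's own PKIX validation against a chosen truststore, so the "unable to find valid certification path" error can be traced to the issuer that is missing. The class name is hypothetical; the host, port, cacerts path and "changeit" password are assumed defaults matching the thread's setup.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/** Fetch the chain an LDAPS server presents and validate it against a truststore (hypothetical class). */
public class LdapsTrustCheck {
    /** Records the server's chain during one handshake. Diagnostic only: it trusts nothing, so it cannot back a real connection. */
    static X509Certificate[] fetchChain(String host, int port) throws Exception {
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) { }
            public void checkServerTrusted(X509Certificate[] c, String a) { seen[0] = c; }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
        }
        return seen[0];
    }
    /** Runs the same PKIX validation the JNDI LDAP client performs, against the given JKS file. */
    static String validate(X509Certificate[] chain, String trustStorePath, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(trustStorePath)) { ts.load(in, password); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        // authType drives the key-usage check; "UNKNOWN" is the JDK's catch-all for non-RSA keys (e.g. keytool's DSA default).
        String authType = "RSA".equals(chain[0].getPublicKey().getAlgorithm()) ? "RSA" : "UNKNOWN";
        try {
            tm.checkServerTrusted(chain, authType);
            return "trusted by " + trustStorePath;
        } catch (CertificateException e) {
            return "NOT trusted by " + trustStorePath + ": " + e.getMessage();
        }
    }
    public static void main(String[] args) throws Exception {
        // Assumed defaults following the thread: ApacheDS at ldaps://localhost:10686, checked against the JVM's cacerts.
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 10686;
        String trustStore = args.length > 2 ? args[2] : System.getProperty("java.home") + "/lib/security/cacerts";
        X509Certificate[] chain = fetchChain(host, port);
        for (X509Certificate c : chain) {
            System.out.println("subject=" + c.getSubjectX500Principal() + "  issuer=" + c.getIssuerX500Principal());
        }
        System.out.println(validate(chain, trustStore, "changeit".toCharArray()));
    }
}
```

Pass the path of the truststore Tomcat actually runs with (the one named by -Djavax.net.ssl.trustStore, if set) as the third argument; a "NOT trusted" result whose printed issuer is absent from that file is the certificate #2 says to import.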


    • #3
      Solution

      Hi,

      My goal was to get a login application running in Tomcat that accessed the Apache Directory Server in https and ldaps modes. The following URL helped me to get it up and running. I realize that I will have to use real certificates before we go live, but I now have the proof of concept complete.

      http://blogs.sun.com/andreas/entry/n...unable_to_find

      Mark
      Last edited by Luke Taylor; Nov 6th, 2009, 05:51 AM. Reason: corrected URL
