Hello guys,
I am setting up CAS 5.x LDAP with SSL. The LDAP server is configured with
an SSL certificate. The certificate's CN is not the same as the LDAPS hostname.
So we got the error:
java.security.cert.CertificateException: Hostname '[ldapserver]' does not match the hostname in the server's certificate 'CN=anotherldapserver, O=ORG, C=JP'
    at org.ldaptive.ssl.HostnameVerifyingTrustManager.checkCertificateTrusted(HostnameVerifyingTrustManager.java:79) ~[ldaptive-1.2.0.jar:?]
    at org.ldaptive.ssl.HostnameVerifyingTrustManager.checkServerTrusted(HostnameVerifyingTrustManager.java:55) ~[ldaptive-1.2.0.jar:?]
    at org.ldaptive.ssl.AggregateTrustManager.checkServerTrusted(AggregateTrustManager.java:107) ~[ldaptive-1.2.0.jar:?]
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922) ~[?:1.8.0_92]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[?:1.8.0_92]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_92]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_92]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_92]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_92]
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376) ~[?:1.8.0_92]
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:203) ~[?:1.8.0_92]
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[?:1.8.0_92]
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614) ~[?:1.8.0_92]
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746) ~[?:1.8.0_92]
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[?:1.8.0_92]
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:1.8.0_92]
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[?:1.8.0_92]
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[?:1.8.0_92]
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[?:1.8.0_92]
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[?:1.8.0_92]
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:1.8.0_92]
    at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:1.8.0_92]
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[?:1.8.0_92]
    at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:87) ~[ldaptive-1.2.0.jar:?]
    at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:21) ~[ldaptive-1.2.0.jar:?]
    at org.ldaptive.provider.AbstractProviderConnectionFactory.create(AbstractProviderConnectionFactory.java:84) ~[ldaptive-1.2.0.jar:?]
    at org.ldaptive.DefaultConnectionFactory$DefaultConnection.open(DefaultConnectionFactory.java:267) ~[ldaptive-1.2.0.jar:?]
    at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:437) ~[ldaptive-1.2.0.jar:?]
    at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:476) ~[ldaptive-1.2.0.jar:?]
    at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:326) ~[ldaptive-1.2.0.jar:?]
    at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:235) ~[ldaptive-1.2.0.jar:?]
    at org.apereo.cas.configuration.support.Beans.newBlockingConnectionPool(Beans.java:400) ~[cas-server-core-configuration-5.0.3.1.jar:5.0.3.1]
    at org.apereo.cas.configuration.support.Beans.newPooledConnectionFactory(Beans.java:411) ~[cas-server-core-configuration-5.0.3.1.jar:5.0.3.1]
    at org.apereo.cas.adaptors.ldap.services.config.LdapServiceRegistryConfiguration.ldapServiceRegistryDao(LdapServiceRegistryConfiguration.java:44)
I tried to insert the following into the deployerConfigContext.xml file:

<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <constructor-arg ref="defaultTrustManager"/>
</bean>
<bean id="defaultTrustManager" class="org.ldaptive.ssl.DefaultTrustManager" />
But it didn't work :(
Could you help me connect to this LDAP server with SSL?
Thanks
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/596d769a-05f7-4375-bbfb-58bec5ca50ca%40apereo.org.
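The error above is ldaptive's hostname verification doing its job: the chain may be trusted, but the name CAS connects to ('[ldapserver]') does not appear in the certificate, which only names 'anotherldapserver' in its CN. The following diagnostic is an added example, not code from the post or from the CAS or ldaptive projects. It connects to an LDAPS endpoint with the JDK's default truststore (so chain validation still happens), then lists the DNS names the leaf certificate actually carries (SAN dNSName entries, with the CN as legacy fallback) and reports whether the connection hostname matches one of them. The hostname and port are placeholders taken from the command line; the matching helper is a simplified version of the RFC 6125 rule (case-insensitive, one leftmost-label wildcard) and is not ldaptive's verifier.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Diagnostic for the "Hostname ... does not match the hostname in the server's
 * certificate" error: shows which names the LDAPS certificate is valid for.
 * Added example; host/port are placeholders, not values from the post.
 */
public class LdapsCertNameCheck {

    /** DNS names a server certificate is valid for: SAN dNSName entries, else the CN. */
    static List<String> certificateNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                // GeneralName type 2 is dNSName; IP, email and other types are skipped here
                if (((Integer) san.get(0)) == 2) {
                    names.add((String) san.get(1));
                }
            }
        }
        if (names.isEmpty()) {
            // No SAN extension: fall back to the CN, which is what the error in the post quotes
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    names.add(rdn.getValue().toString());
                }
            }
        }
        return names;
    }

    /** Case-insensitive match; "*.example.org" matches "ldap.example.org" but not "a.b.example.org". */
    static boolean nameMatches(String host, String certName) {
        String h = host.toLowerCase();
        String n = certName.toLowerCase();
        if (!n.startsWith("*.")) {
            return h.equals(n);
        }
        String suffix = n.substring(1); // ".example.org"
        return h.endsWith(suffix) && h.indexOf('.') == h.length() - suffix.length();
    }

    static boolean anyNameMatches(String host, List<String> names) {
        for (String n : names) {
            if (nameMatches(host, n)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "ldapserver.example.org"; // placeholder
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        // Default SSLContext: the chain is still validated against the JVM truststore.
        // Only the name comparison is done by hand so the reason can be printed.
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.startHandshake();
            Certificate[] chain = socket.getSession().getPeerCertificates();
            X509Certificate leaf = (X509Certificate) chain[0];
            List<String> names = certificateNames(leaf);

            System.out.println("Connected to:  " + host);
            System.out.println("Subject DN:    " + leaf.getSubjectX500Principal().getName());
            System.out.println("Names in cert: " + names);
            if (anyNameMatches(host, names)) {
                System.out.println("OK: certificate is valid for " + host);
            } else {
                System.out.println("MISMATCH: reissue the certificate with a SAN for " + host
                        + ", or point CAS at a hostname the certificate is valid for.");
            }
        }
    }
}
```

Run it as `java LdapsCertNameCheck <ldap-host> 636` from the CAS server, so it sees the same DNS and truststore CAS does. If it reports a mismatch, the durable fix is on the certificate side (a SAN containing the hostname CAS uses) or on the URL side (connect to a hostname the certificate already names); swapping in a trust manager that skips the hostname check would make the connection accept any certificate issued to any name.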