My server (CAS) is using SSL and the LDAP (DC) server uses SSL. So when I try to 
authenticate through my CAS server to DC over LDAPS it does not work. When I 
look at the logs of the "Applications and Services Logs" --> "Directory Service" 
it says:
Information    ActiveDirectory_DomainService    1535    LDAP Interface:
Internal event: The LDAP server returned an error. 
 
Additional Data 
Error value:
00000003: LdapErr: DSID-0C060463, comment: Error decrypting ldap message, data 
0, v1db1

Tomcat version: apache-tomcat-7.0.42

-----Original Message-----
From: Daniel Mikusa [mailto:dmik...@gopivotal.com] 
Sent: Friday, August 02, 2013 8:59 AM
To: Tomcat Users List
Subject: Re: Cert

On Aug 2, 2013, at 7:33 AM, Kyle Shattuck <ky...@montcalm.edu> wrote:

> Hello,
> I am using Tomcat 7 on a Windows Server 2012 build for this: 
> https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
> 
> I don't think SSL is not working correctly because every time I try to 
> authenticate over LDAPS it does not work.

What part of this doesn't work?  Connecting via SSL or authentication via LDAP? 
 They are two different things.

Can you connect to your server via HTTPS and access a static resource like an 
HTML page or image file?  If not, what happens when you try to connect?

> 
> I created a .csr and a .jks using the java keytool. I got a cert using my 
> .csr file from digicert by downloading it to a .p7b file. I imported the .p7b 
> file to my %jave_home%\bin\mykeystore.jks. I then download from digicert the 
> same cert but in a .pem file and imported the file to my 
> %jave_home5\jre\lib\security\cacerts.
> 
> Did I miss something here, do you need any other info?

 - What is the specific version of Tomcat that you are using?
 - Do you see any errors in the log?
 - Include your server.xml, minus comments and minus any sensitive info like 
passwords

Dan

> 
> Thank you,
> Kyle
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


<?xml version='1.0' encoding='utf-8'?>

<Server port="8005" shutdown="SHUTDOWN">

  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>

    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
 
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:\Program Files\Java\jdk1.7.0_25\keystore.jks"
               keystorePass="pass" />
    
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.LockOutRealm">
    
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

       <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>
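
Dan's question in the thread separates the TLS connection from the LDAP authentication. As an added example (not part of the original thread, and not Tomcat or CAS code), this Java class tests only the TLS half against an LDAPS port, using the default trust store of the JVM that runs it. The class name, the host argument and the default port 636 are assumptions for illustration.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example: TLS-only probe of an LDAPS port; no LDAP bind is attempted.
// It checks chain trust against the JVM trust store, not the host name.
public class LdapsTlsProbe {

    /** Returns true when the handshake completes and the server chain is trusted. */
    static boolean probe(String host, int port) throws Exception {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(10000);
            socket.startHandshake(); // throws if the chain cannot be validated
            System.out.println("Handshake OK: " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
            // Print the chain the server presented, leaf certificate first.
            for (Certificate c : socket.getSession().getPeerCertificates()) {
                if (c instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.println("  subject: " + x.getSubjectX500Principal().getName());
                    System.out.println("  issuer : " + x.getIssuerX500Principal().getName());
                    System.out.println("  expires: " + x.getNotAfter());
                }
            }
            return true;
        } catch (SSLHandshakeException e) {
            // Typically a chain that does not lead to a CA in the trust store.
            System.out.println("Handshake FAILED: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java LdapsTlsProbe <ldaps-host> [port]");
            System.exit(2);
        }
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        System.out.println("Trust store: "
                + System.getProperty("javax.net.ssl.trustStore", "<JRE default cacerts>"));
        System.exit(probe(args[0], port) ? 0 : 1);
    }
}
```

Run it with the same JDK/JRE that Tomcat is started with, so the probe and the web application read the same `cacerts` file.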