On Aug 2, 2013, at 9:23 AM, Kyle Shattuck <ky...@montcalm.edu> wrote:

> My server (CAS) is using SSL and the LDAP (DC) server uses SSL. So when I try 
> to authenticate through my CAS server to DC over LDAPS it does not work.  
> When I look at the logs of the "Applications and Services Logs" --> "Directory 
> Service" it says -->
> Information    ActiveDirectory_DomainService  1535    LDAP Interface:
> Internal event: The LDAP server returned an error. 
> 
> Additional Data 
> Error value:
> 00000003: LdapErr: DSID-0C060463, comment: Error decrypting ldap message, 
> data 0, v1db1

Sorry for being slow here.  I'm just not quite sure how this is related to 
Tomcat.  It seems like an application or JVM configuration issue.  

A couple more questions for you.

  - What log are you pulling this from?  Is this from your LDAP server, an 
application log or a Tomcat log?  

  - How are you configuring your application to connect to your LDAP server?  
Is this with a <Resource /> tag in Tomcat?  Or is this done in application 
configuration?  Can you include this config for us, minus passwords?

  - Does your LDAP server have a certificate from a trusted certificate 
authority?  Is this what you were talking about when you mentioned creating a 
keystore with a certificate from digicert in your original email?  Or is the 
LDAP Server's certificate self signed?

Dan

> 
> Tomcat version:apache-tomcat-7.0.42
> 
> -----Original Message-----
> From: Daniel Mikusa [mailto:dmik...@gopivotal.com] 
> Sent: Friday, August 02, 2013 8:59 AM
> To: Tomcat Users List
> Subject: Re: Cert
> 
> On Aug 2, 2013, at 7:33 AM, Kyle Shattuck <ky...@montcalm.edu> wrote:
> 
>> Hello,
>> I am using Tomcat 7 on a Windows Server 2012 build for this: 
>> https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
>> 
>> I don't think SSL is not working correctly because every time I try to 
>> authenticate over LDAPS it does not work.
> 
> What part of this doesn't work?  Connecting via SSL or authentication via 
> LDAP?  They are two different things.
> 
> Can you connect to your server via HTTPS and access a static resource like an 
> HTML page or image file?  If not, what happens when you try to connect?
> 
>> 
>> I created a .csr and a .jks using the java keytool. I got a cert using my 
>> .csr file from digicert by downloading it to a .p7b file. I imported the 
>> .p7b file to my %java_home%\bin\mykeystore.jks. I then downloaded from 
>> digicert the same cert but in a .pem file and imported the file to my 
>> %java_home%\jre\lib\security\cacerts.
>> 
>> Did I miss something here, do you need any other info?
> 
> - What is the specific version of Tomcat that you are using?
> - Do you see any errors in the log?
> - Include your server.xml, minus comments and minus any sensitive info like 
> passwords
> 
> Dan
> 
>> 
>> Thank you,
>> Kyle
>> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> <server.xml>

