On Aug 2, 2013, at 9:23 AM, Kyle Shattuck <ky...@montcalm.edu> wrote:
> My Server( CAS) is using SSL and the LDAP(DC) server uses SSL. So when I try
> to authenticate through my CAS server to DC over LDAPS it does not work.
> When I look at the logs of the "Applications and Services Logs" -->"Directory
> Service" it says-->
> Information ActiveDirectory_DomainService 1535 LDAP Interface:
> Internal event: The LDAP server returned an error.
>
> Additional Data
> Error value:
> 00000003: LdapErr: DSID-0C060463, comment: Error decrypting ldap message,
> data 0, v1db1

Sorry for being slow here. I'm just not quite sure how this is related to Tomcat. It seems like an application or JVM configuration issue.

A couple more questions for you.

- What log are you pulling this from? Is this from your LDAP server, an application log or a Tomcat log?
- How are you configuring your application to connect to your LDAP server? Is this with a <Resource /> tag in Tomcat? or is this done in application configuration? Can you include this config for us, minus passwords?
- Does your LDAP server have a certificate from a trusted certificate authority? Is this what you were talking about when you mentioned creating a keystore with a certificate from digicert in your original email? Or is the LDAP Server's certificate self signed?

Dan

>
> Tomcat version:apache-tomcat-7.0.42
>
> -----Original Message-----
> From: Daniel Mikusa [mailto:dmik...@gopivotal.com]
> Sent: Friday, August 02, 2013 8:59 AM
> To: Tomcat Users List
> Subject: Re: Cert
>
> On Aug 2, 2013, at 7:33 AM, Kyle Shattuck <ky...@montcalm.edu> wrote:
>
>> Hello,
>> I am using Tomcat 7 on a windows server 2012 build for this:
>> https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
>>
>> I don't think SSL is not working correctly because every time I try to
>> authenticate over LDAPS it does not work.
>
> What part of this doesn't work? Connecting via SSL or authentication via
> LDAP? They are two different things.
>
> Can you connect to your server via HTTPS and access a static resource like an
> HTML page or image file? If not, what happens when you try to connect?
>
>>
>> I created a .csr and a .jks using the java keytool. I got a cert using my
>> .csr file from digicert by downloading it to a .p7b file. I imported the
>> .p7b file to my %jave_home%\bin\mykeystore.jks. I then download from
>> digicert the same cert but in a .pem file and imported the file to my
>> %jave_home5\jre\lib\security\cacerts.
>>
>> Did I miss something here, do you need any other info?
>
> - What is the specific version of Tomcat that you are using?
> - Do you see any errors in the log?
> - Include your server.xml, minus comments and minus any sensitive info like
> passwords
>
> Dan
>
>>
>> Thank you,
>> Kyle
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
> <server.xml>