javax.net.ssl.SSLHandshakeException : with Tivoli Directory Server

nishad saithaly
Greenhorn

Joined: May 03, 2009
Posts: 4
I am getting an exception when I try to execute Java code to connect to Tivoli Directory Server using SSL.
Earlier I was using the default port 389; now I want to try connecting using SSL.

Exception Sample->

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How it all started -->

I followed a tutorial to configure SSL on my TDS instance:

Step 1: Enabled SSL on my LDAP Server
a. Create self signed certificate
b. Extracted the cert as .arm using gsk7ikm

Step 2: Tried to verify the server CMS
a. Create CMS on client
b. Get extracted Self Signed Certificate from server kdb
c. Add certificate to Client CMS

Then I realised that I could save the client KDB file as JKS, extract the certificate from it, and import it into the Java keystore.

So I took the JKS and extracted the mycert.crt file

:>keytool -exportcert -alias sslldap -keystore client_java_key.jks -storepass p@ssw0rd -file mycert.crt

I then imported the extracted mycert.crt file using
:>keytool -importcert -alias sslldap -file mycert.crt

Also, SSL is working and I can telnet to host with ssl port 636.
----

I am not sure what I am doing wrong here. Some help would be greatly appreciated.

----
Here is the dump of the stack trace:

javax.naming.CommunicationException: simple bind failed: vmldap:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at com.ldap.LDAPTest.test2(LDAPTest.java:98)
    at com.ldap.LDAPTest.main(LDAPTest.java:85)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at java.io.BufferedInputStream.fill(Unknown Source)
    at java.io.BufferedInputStream.read1(Unknown Source)
    at java.io.BufferedInputStream.read(Unknown Source)
    at com.sun.jndi.ldap.Connection.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 13 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 19 more


regards
nishad
nishad saithaly
Greenhorn

Joined: May 03, 2009
Posts: 4
Problem solved!!

I had 2 JREs on my system.

I applied the settings to the wrong JRE.
 