List:       forgerock-opendj
Subject:    [Opendj] Certificate issues.
From:       klaus () vink-slott ! dk (Klaus Vink Slott)
Date:       2012-09-11 10:46:53
Message-ID: 504F169D.4040200 () vink-slott ! dk

Building a fresh cluster I have problems using TLS/SSL.

Install is without problems. The new server seems well until I try to
access using SSL or TLS. When I do so ldapsearch just hangs and never
presents a password prompt. As far as I remember I get the same problem
on Oracle Java 7 and OpenJDK 1.6.0_24.

On my previous cluster we have no problem using a wildcard certificate
based on GlobalSign, including an intermediate certificate. All packed in
a p12 file and selected during OpenDJ install.
The chain is something like:

GlobalSign Root CA
    AlphaSSL CA G2
        *.sc.ku.dk

Now using OpenJDK version "1.6.0_24" and OpenDJ-2.5.0-Xpress1 or
OpenDJ-2.4.6, I have not been able to make an encrypted connection with
the above certificate.

But if I modify my Java as described in the workaround on the Ubuntu bug tracker
https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/1006776
AND use a self-signed certificate, I am able to get an encrypted connection.

I have not tested yet if the wildcard or the intermediate certificate is
causing the problem. Any opinions are welcome, there are so many
possible combinations and not enough time :-)

-- 
Regards
Klaus
Sysadmin on
Faculty of Humanities
UniCPH

