-
Nov 4th, 2009, 07:34 PM
#1
SSLHandshakeException
Hello,
I dropped the spring-security-samples-ldap-2.0.5 into the webapps directory of Tomcat 6.0 today and the sample came right up. Next I imported the sample's users.ldif file into an instance of Apache Directory Studio using the Apache Directory Suite so I could use a standalone LDAP server. I then updated the sample's applicationContext-security.xml file to point at the ApacheDS server (ldaps://localhost:10686/dc=example,dc=com) so that it used the standalone LDAP server instead of the embedded one. After validating that this configuration worked, I added 'requires-channel="https"' to the intercept-url to force the sample to use https for the "/secure/**" and "/secure/extreme/**" urls, and I created a keystore for Tomcat using the keytool. It almost worked.
The opening page comes up in http mode and then switches to https after I select the "Secure Page" link as expected. The process blows up however after I enter the user name and password. I am getting the following error:
Reason: simple bind failed: localhost:10686; nested exception is javax.naming.CommunicationException: simple bind failed: localhost:10686 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]; nested exception is org.springframework.ldap.CommunicationException: simple bind failed: localhost:10686; nested exception is javax.naming.CommunicationException: simple bind failed: localhost:10686 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
I would greatly appreciate any help and/or pointers to documentation that can help.
Regards,
Mark
-
Nov 5th, 2009, 12:46 PM
#2
Looks like your LDAP client (Tomcat) isn't happy to accept the SSL certificate from your LDAP server. You need to check the CA certificates in the truststore and make sure they include the one used to sign your LDAP server certificate. It's basically a matter of debugging things at the SSL level though, and nothing to do with Spring Security.
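A diagnostic for exactly this situation, added here as an example and not code from the thread or from Spring Security: it runs the same PKIX check Tomcat's JVM runs against the LDAPS port, but keeps the chain the server presented and reports whether the issuer of its last certificate is an anchor in the truststore. The host, port, truststore path and the stock cacerts password are assumptions passed as arguments.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.*;

public class LdapsTrustCheck {
    // Wraps the JVM's PKIX trust manager so the presented chain and the verdict survive the handshake.
    static final class RecordingTrustManager implements X509TrustManager {
        final X509TrustManager delegate;
        X509Certificate[] chain;
        CertificateException failure;
        RecordingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
        public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { delegate.checkClientTrusted(c, a); }
        public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
            chain = c;
            try { delegate.checkServerTrusted(c, a); } catch (CertificateException e) { failure = e; throw e; }
        }
    }

    // Usage: java LdapsTrustCheck [host] [port] [truststore] [password]; defaults assume localhost:10686 and the JVM cacerts.
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 10686;
        String tsPath = args.length > 2 ? args[2] : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] tsPass = (args.length > 3 ? args[3] : "changeit").toCharArray();
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(tsPath)) { ts.load(in, tsPass); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        RecordingTrustManager tm = new RecordingTrustManager((X509TrustManager) tmf.getTrustManagers()[0]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            sock.startHandshake();
            System.out.println("handshake OK: server chain is trusted by " + tsPath);
        } catch (SSLHandshakeException e) {
            System.out.println("handshake FAILED: " + (tm.failure != null ? tm.failure.getMessage() : e.getMessage()));
        }
        if (tm.chain == null) return; // handshake died before the server sent a certificate
        for (int i = 0; i < tm.chain.length; i++)
            System.out.println("chain[" + i + "] subject=" + tm.chain[i].getSubjectX500Principal() + " issuer=" + tm.chain[i].getIssuerX500Principal());
        // PKIX path building succeeds only if a truststore entry is the issuer of the last certificate sent
        // (for a self-signed ApacheDS certificate imported directly, that entry is the certificate itself).
        X509Certificate last = tm.chain[tm.chain.length - 1];
        boolean anchored = false;
        for (X509Certificate anchor : tm.getAcceptedIssuers())
            if (anchor.getSubjectX500Principal().equals(last.getIssuerX500Principal())) anchored = true;
        System.out.println("truststore contains issuer of chain[" + (tm.chain.length - 1) + "]: " + anchored);
    }
}
```

Point it at the truststore Tomcat actually reads (the one named by -Djavax.net.ssl.trustStore, or the JVM's cacerts when that property is unset); a "false" on the last line is the truststore gap behind the PKIX error, and a "true" with a failed handshake points at something else in the chain, such as an expired certificate.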
-
Nov 5th, 2009, 06:53 PM
#3
Solution
Hi,
My goal was to get a login application running in Tomcat that accessed the Apache Directory Server in https and ldaps modes. The following URL helped me to get it up and running. I realize that I will have to use real certificates before we go live, but I now have the proof of concept complete.
http://blogs.sun.com/andreas/entry/n...unable_to_find
Mark
Last edited by Luke Taylor; Nov 6th, 2009 at 05:51 AM.
Reason: corrected URL