This week's book giveaway is in the Performance forum.
We're giving away four copies of The Java Performance Companion and have Charlie Hunt, Monica Beckwith, Poonam Parhar, & Bengt Rutisson on-line!
See this thread for details.
Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

LDAP Authentication using SSL

 
Vikrant Mehta
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I am quite new to LDAP Authentication. I am able to connect and authenticate to LDAP on default port using Clear Password Authentication.
Client now require us to use LDAP Authentication over SSL. Following is App Server details

App Server : Pramati 6
OS : Unix
Java : 1.6

I got SSL Ceritificate from Client of their LDAP Server, and imported same into App Server's Java Security (jdk1.6.0_02\jre\lib\security\cacerts)
When i try to connect to LDAP on SSL Port, i get following error

Exception Occured Is : anonymous bind failed: 10.50.37.170:636
javax.naming.CommunicationException: anonymous bind failed: 10.50.37.170:636 [Root exception is javax.net.ssl.SSLHandshakeExcep
tion: java.security.cert.CertificateException: Certificate contains unsupported critical extensions: [2.5.29.17]]


Can anyone please let me know what is this error about and how to approach to solve the same.
Any help would be appreciated deeply.

Thanks in advance,
Vikkky
 
Prabaharan Gopalan
Ranch Hand
Posts: 66
Java Linux VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I took the liberty of Googling it for you since this being your 1st post. And looks like there could be quite a few reasons ranging from a problematic certificate to a bug in RHEL.

http://forum.springsource.org/showthread.php?42510-LDAPS-External-Certificate-contains-unsupported-critical-extensions-2-5-29-17
https://forums.oracle.com/forums/thread.jspa?threadID=980847
https://bugzilla.redhat.com/show_bug.cgi?id=618290

And the generic description provided could fit any of those cases. Could you please do some more searching on this topic and if you still would like to get another set eye balls into the problem, we'd be happy to assist. Also, it would make our jobs a lot easier if you could also provide what steps you have tried so far so that we don't try the same things again.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic