BlueDragon Self-Help: FAQ

FAQ ID: 376
Product: BlueDragon
Category: General Info, Security
Question: With BD/Java, can the CFLDAP tag be used with SSL?
Answer: The CFLDAP tag can be used with SSL using the following steps:
  1. In the CFLDAP tag, set the port attribute to the value of the LDAP server's SSL port. The default port for SSL with LDAP is 636.
  2. In the CFLDAP tag, set the secure attribute to CFSSL_BASIC.
  3. Install the LDAP server's certificate in the database of trusted certificates for the JRE being used by BD JX or BD JEE. This is done from the command line using the following steps:
    • cd JAVA_HOME/lib/security
    • If JAVA_HOME/lib/security contains a jssecacerts file, enter the following command. If you are prompted for a keystore password and you don't know what it is, it is most likely still set to the default password 'changeit'.
      • keytool -import -file ldap_server_cert.cer -keystore jssecacerts
    • If JAVA_HOME/lib/security doesn't contain a jssecacerts file, enter the following command. If you are prompted for a keystore password and you don't know what it is, it is most likely still set to the default password 'changeit'.
      • keytool -import -file ldap_server_cert.cer -keystore cacerts
  4. Restart either the BD JX service or the application server that BD JEE is running behind so that BD will pick up the changes made to the database of trusted certificates.
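
Step 3 as a script, added here as an example (it is not New Atlanta's code). The function names, the alias argument and the `.bak` backup copy are assumptions; it picks the keystore the same way the steps above do and prints the certificate's fingerprints so they can be compared with the LDAP administrator's copy before the certificate is trusted.

```shell
#!/bin/sh
# Added example: step 3 of this FAQ as two functions. JAVA_HOME must be the
# JRE that BlueDragon runs on; function names and the alias are hypothetical.

# Print the keystore the FAQ steps would import into: jssecacerts when it
# exists in JAVA_HOME/lib/security, otherwise cacerts.
select_truststore() {
    sec_dir="$1/lib/security"
    if [ -f "$sec_dir/jssecacerts" ]; then
        printf '%s\n' "$sec_dir/jssecacerts"
    else
        printf '%s\n' "$sec_dir/cacerts"
    fi
}

# Usage: import_ldap_cert JAVA_HOME ldap_server_cert.cer alias
# keytool prompts for the keystore password and asks whether to trust the
# certificate; answer only after comparing the printed fingerprints.
import_ldap_cert() {
    java_home="$1"; cert="$2"; alias_name="$3"
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    store=$(select_truststore "$java_home")
    # A missing keystore usually means JAVA_HOME points at the wrong JRE;
    # stop here rather than let keytool create a new, empty keystore.
    [ -f "$store" ] || { echo "no keystore at $store" >&2; return 3; }
    # Show owner, issuer, validity and fingerprints of the file to be trusted.
    "$java_home/bin/keytool" -printcert -file "$cert" || return 4
    # Keep a rollback copy of the keystore before changing it.
    cp -p "$store" "$store.bak" || return 5
    "$java_home/bin/keytool" -import -alias "$alias_name" \
        -file "$cert" -keystore "$store"
}
```

After a successful import, `keytool -list -alias <alias> -keystore <store>` confirms the entry is present before the restart in step 4.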

For example, if BD J2EE is running with JDK 1.6 on Windows, then the value of JAVA_HOME for the JRE would be: C:\Program Files\Java\jdk1.6.0\jre.

If you don't install the LDAP server's certificate in your JRE's database of trusted certificates, you'll receive the following General Runtime Error:

javax.naming.CommunicationException: simple bind failed: test.newatlanta.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]; ROOT CAUSE=sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If you hit a non-SSL port with secure set to CFSSL_BASIC, you'll receive the following General Runtime Error:

javax.naming.CommunicationException: simple bind failed: test.newatlanta.com:389 [Root exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?]; ROOT CAUSE=Unrecognized SSL message, plaintext connection?



   