I am trying to convert my code for accessing the ldap server to use SSL, but I am unable to figure out how to access the keystore to use the certificate. The certificate is located in the TrustedCAs keystore. All of the examples I have seen have shown how to access it when it is located in the JRE/lib/security directory in a file. I have the following code:
import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;

Properties properties = new Properties();
properties.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
properties.put( Context.PROVIDER_URL, "ldap://ldapservername:636" );
properties.put( Context.REFERRAL, "ignore" );
properties.put( Context.SECURITY_PROTOCOL, "ssl" );
// this is the part I cannot work out: how to point at the TrustedCAs keystore
properties.setProperty( "javax.net.ssl.trustStore", "some entry showing keystore location??" );
properties.put( Context.SECURITY_AUTHENTICATION, "simple" );
//properties.put( Context.SECURITY_PRINCIPAL, "userPrincipalName" );
properties.put( Context.SECURITY_CREDENTIALS, "userPrincipalPassword" );
InitialDirContext context = new InitialDirContext( properties );
The best I achieved was when I used
properties.put("java.naming.ldap.factory.socket" ,"com.sap.security.core.server.https.SecureConnectionFactory");
but I received the error:
Context error javax.naming.CommunicationException: ldapservername:636 [Root exception is iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier]
Any help would be greatly appreciated.
Thanks
Paul