【Posted】: 2011-11-28 16:38:06
【Question】:
I am writing an application that will accept LDAP queries on port 636, do some non-LDAP things, and then return an LDAP-looking response.
I am somewhat new to Java but have managed this much: I created a self-signed certificate and imported it into a keystore.
When trying to establish a connection I get the following error: main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
Ah... I have included the debug information at the bottom. My application does find the certificate in the keystore. Thanks for your help.
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLServerSocketFactory;

public class LdapsServer {
    public static void main(String[] args) throws IOException {
        System.setProperty("javax.net.debug", "ssl");
        // Server identity: the keystore holding the self-signed cert and its private key
        System.setProperty("javax.net.ssl.keyStore", "C:\\openssl\\certs\\laptop.ks");
        System.setProperty("javax.net.ssl.keyStorePassword", "somepassword");
        System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
        // The same file is used as the truststore (only consulted if client certs are requested)
        System.setProperty("javax.net.ssl.trustStore", "C:\\openssl\\certs\\laptop.ks");
        int port = 636;
        ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
        ServerSocket ssocket = ssocketFactory.createServerSocket(port);
        // Listen for connections
        while (true) {
            Socket socket = ssocket.accept();
            InputStream in = socket.getInputStream();
            // do stuff
            socket.close();
        }
    }
}
///// DEBUG OUTPUT while the program runs
keyStore is : C:\openssl\certs\laptop.ks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : mylaptop
chain [0] = [
[
Version: V1
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: <SNIP>
public exponent: 65537
Validity: [From: Fri Sep 30 09:55:27 EDT 2011,
To: Sat Sep 29 09:55:27 EDT 2012]
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
SerialNumber: [ 03]
]
Algorithm: [SHA1withRSA]
Signature: <snip>
]
***
trustStore is: C:\openssl\certs\laptop.ks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0x3
Valid from Fri Sep 30 09:55:27 EDT 2011 until Sat Sep 29 09:55:27 EDT 2012
adding as trusted cert:
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0xb85a831528797e79
Valid from Fri Sep 30 09:53:23 EDT 2011 until Sat Sep 29 09:53:23 EDT 2012
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
matching alias: mylaptop
main, called closeSocket()
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, READ: SSL v2, contentType = Handshake, translated length = 65
*** ClientHello, TLSv1
Cipher Suites: <snip>
***
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: <snip>
public exponent: 65537
Validity: [From: Fri Sep 30 09:55:27 EDT 2011,
To: Sat Sep 29 09:55:27 EDT 2012]
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
SerialNumber: [ 03]
]
Algorithm: [SHA1withRSA]
Signature:
]
***
*** ServerHelloDone
main, WRITE: TLSv1 Handshake, length = 662
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, unknown_ca
main, called closeSocket()
【Comments】:
-
1) I did not know LDAP also runs over SSL. Is that true? 2) Where is the client's code? The exception indicates that the server is not trusted.
-
@user384706: Yes, LDAP over SSL (LDAPS) is very common.
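The side that fails here is the client: the unknown_ca alert in the debug output is sent by the client because its truststore has no anchor for the server's self-signed issuer. The following is an added example, not code from the question or its author: a hypothetical Java LDAPS client that trusts exactly that one exported server certificate (assumed to be saved as laptop.crt) instead of disabling validation, and also enforces LDAPS host-name checking.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical LDAPS client that trusts a single pinned self-signed server certificate. */
public class LdapsClient {

    /** Build an SSLContext whose only trust anchor is the certificate in the given PEM file. */
    static SSLContext contextTrusting(String pemPath) throws Exception {
        X509Certificate serverCert;
        try (InputStream in = new FileInputStream(pemPath)) {
            serverCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Empty in-memory truststore holding only the server's self-signed cert;
        // the JDK's default cacerts file is deliberately not consulted.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("ldaps-server", serverCert);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";  // assumed server host
        String pem = args.length > 1 ? args[1] : "laptop.crt";  // assumed: exported server cert (PEM)
        SSLSocketFactory sf = contextTrusting(pem).getSocketFactory();
        try (SSLSocket s = (SSLSocket) sf.createSocket(host, 636)) {
            // Also require that the cert is issued for this host name (SAN/CN), as an LDAPS client should.
            // The cert in the question has CN=Donny Shrum, so this check would reject it; the server
            // cert needs to carry the server's DNS name before it is relied on.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS");
            s.setSSLParameters(p);
            s.startHandshake();  // completes instead of ending in an unknown_ca alert
            System.out.println("Negotiated " + s.getSession().getCipherSuite());
        }
    }
}
```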
Tags: java