I am writing an application that will accept LDAP queries via port 636, do some non-LDAP stuff, and then hand back an LDAP-looking response.
I'm a bit new to Java but have managed this much: I created a self-signed cert and imported it into the keystore.
When attempting to make a connection I get the following error: main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
Argh... I've included the debug information at the bottom. My application does find the cert in the keystore. Thanks for any help.
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

// Keystore holding the server's private key and its self-signed certificate
System.setProperty("javax.net.debug", "ssl");
System.setProperty("javax.net.ssl.keyStore", "C:\\openssl\\certs\\laptop.ks");
System.setProperty("javax.net.ssl.keyStorePassword", "somepassword");
// Re-enables pre-RFC 5746 (insecure) renegotiation; only old clients need it and it weakens the server
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
// The server's trust store is only consulted if the server requests client certificates
System.setProperty("javax.net.ssl.trustStore", "C:\\openssl\\certs\\laptop.ks");

int port = 636;
SSLServerSocketFactory ssocketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
try (SSLServerSocket ssocket = (SSLServerSocket) ssocketFactory.createServerSocket(port)) {
    // Listen for connections
    while (true) {
        try (Socket socket = ssocket.accept()) {
            // The TLS handshake runs lazily on first I/O, so a handshake
            // failure shows up here as an SSLHandshakeException (an IOException)
            InputStream in = socket.getInputStream();
            // do stuff
        } catch (IOException e) {
            e.printStackTrace();   // log and keep serving; don't let one bad client kill the loop
        }
    }
}
///// DEBUG OUT when program is run
keyStore is : C:\openssl\certs\laptop.ks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : mylaptop
chain [0] = [
[
Version: V1
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: <SNIP>
public exponent: 65537
Validity: [From: Fri Sep 30 09:55:27 EDT 2011,
To: Sat Sep 29 09:55:27 EDT 2012]
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
SerialNumber: [ 03]
]
Algorithm: [SHA1withRSA]
Signature: <snip>
]
***
trustStore is: C:\openssl\certs\laptop.ks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0x3 Valid from Fri Sep 30 09:55:27 EDT 2011 until Sat Sep 29 09:55:27 EDT 2012
adding as trusted cert:
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Algorithm: RSA; Serial number: 0xb85a831528797e79
Valid from Fri Sep 30 09:53:23 EDT 2011 until Sat Sep 29 09:53:23 EDT 2012
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
matching alias: mylaptop
main, called closeSocket()
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, READ: SSL v2, contentType = Handshake, translated length = 65
*** ClientHello, TLSv1
Cipher Suites: <snip>
***
Cipher suite: SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: <snip>
public exponent: 65537
Validity: [From: Fri Sep 30 09:55:27 EDT 2011,
To: Sat Sep 29 09:55:27 EDT 2012]
Issuer: CN=Donny Shrum, OU=HPC, O=FSU, L=Tallahassee, ST=FL, C=US
SerialNumber: [ 03]
]
Algorithm: [SHA1withRSA]
Signature:
]
***
*** ServerHelloDone
main, WRITE: TLSv1 Handshake, length = 662
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, unknown_ca
main, called closeSocket()
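A point worth reading off the debug output above: the server writes its Certificate and ServerHelloDone ("WRITE: TLSv1 Handshake, length = 662") and then READs the fatal alert. An alert that is received was sent by the peer, so unknown_ca is the client's verdict on the server's self-signed certificate: the server's keystore is fine, but the client has no trust anchor for a certificate that is its own issuer. The example below is added here and is not code from the question; it builds the server context explicitly from laptop.ks (the keystore from the question) and runs a client twice, first with the JRE's default trust store (which reproduces the rejection) and then with a hypothetical client-trust.jks that contains only the exported server certificate. The paths, the trust-store name and the password are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class SelfSignedTlsDemo {
    // Assumed paths. laptop.ks is the server keystore from the question;
    // client-trust.jks is a hypothetical trust store holding only the
    // exported server certificate (keytool commands in the note below).
    static final String SERVER_KEYSTORE = "C:\\openssl\\certs\\laptop.ks";
    static final String CLIENT_TRUSTSTORE = "C:\\openssl\\certs\\client-trust.jks";
    static final char[] PASSWORD = "somepassword".toCharArray();   // assumed

    static KeyStore loadKeyStore(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, PASSWORD);
        }
        return ks;
    }

    // Server side: only a KeyManager (private key + certificate) is required.
    // A server trust store matters only if the server asks clients for certificates.
    static SSLContext serverContext() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadKeyStore(SERVER_KEYSTORE), PASSWORD);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    // Client side: only a TrustManager is required. With trustStorePath == null the
    // JRE default (cacerts) is used; it cannot contain a private self-signed cert,
    // so path validation fails and the client aborts the handshake with a fatal alert.
    static SSLContext clientContext(String trustStorePath) throws Exception {
        TrustManager[] trust = null;
        if (trustStorePath != null) {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(loadKeyStore(trustStorePath));
            trust = tmf.getTrustManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trust, null);
        return ctx;
    }

    // Returns true when the handshake completes, false when the client rejects the server cert.
    static boolean tryConnect(String trustStorePath, int port) throws Exception {
        try (SSLSocket s = (SSLSocket) clientContext(trustStorePath)
                .getSocketFactory().createSocket("localhost", port)) {
            s.startHandshake();               // force the handshake now rather than on first I/O
            s.getOutputStream().write(0x30);  // one byte so the server's read() returns
            System.out.println("client: handshake OK, " + s.getSession().getCipherSuite());
            return true;
        } catch (SSLHandshakeException e) {
            System.out.println("client: handshake failed: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // 0 = any free port for the demo; the real LDAPS listener would use 636
        SSLServerSocket server = (SSLServerSocket) serverContext()
                .getServerSocketFactory().createServerSocket(0);
        int port = server.getLocalPort();

        Thread acceptor = new Thread(() -> {
            for (int i = 0; i < 2; i++) {      // one accept per client attempt below
                try (Socket c = server.accept()) {
                    // The handshake runs inside this read; a rejected certificate
                    // surfaces here as an SSLHandshakeException carrying the peer's alert
                    c.getInputStream().read();
                    System.out.println("server: client accepted our certificate");
                } catch (IOException e) {
                    System.out.println("server: " + e.getMessage());
                }
            }
        });
        acceptor.start();

        tryConnect(null, port);               // reproduces the failure: client does not trust the cert
        tryConnect(CLIENT_TRUSTSTORE, port);  // succeeds once the self-signed cert is a trust anchor

        acceptor.join();
        server.close();
    }
}
```

To build the client trust store assumed above, export the server certificate and import it as a trusted entry: `keytool -exportcert -alias mylaptop -keystore laptop.ks -file laptop.cer` then `keytool -importcert -alias mylaptop -file laptop.cer -keystore client-trust.jks`. For a non-Java LDAP client, `keytool -exportcert -rfc` writes PEM, which is what an OpenSSL-based client expects as its CA file. Two caveats a practitioner should check: the trust-store dump in the question shows two certificates with the same subject but different serial numbers (0x3 and 0xb85a831528797e79), so make sure the client is given the one the server actually presents (serial 03); and the certificate's subject is a person's name rather than the server's host name, so a client that verifies the host name will still reject the connection after it trusts the issuer.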