ldap trusted certs error: java.io.IOException: Empty input
Axon, Allan
Using JDK/JRE 1.7.0.21 and Tomcat 7.0.32 on Windows Server 2008
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ticketRegistryCleaner' defined in ServletContext resource [/WEB-INF/spring-configuration/ticketRegistry.xml]: Cannot resolve reference to bean 'centralAuthenticationService' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'centralAuthenticationService' defined in ServletContext resource [/WEB-INF/spring-configuration/applicationContext.xml]: Cannot resolve reference to bean 'authenticationManager' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationManager' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'ldapAuthenticationHandler' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapAuthenticationHandler' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'authenticator' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticator' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'authHandler' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authHandler' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'bindPooledLdapConnectionFactory' while setting bean property 'connectionFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bindPooledLdapConnectionFactory' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Cannot resolve reference to bean 'bindConnectionPool' while setting bean property 'connectionPool'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bindConnectionPool' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
...a chain of similar errors about creating beans with root cause of ....
Caused by: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at org.ldaptive.ssl.X509CertificatesCredentialReader.read(X509CertificatesCredentialReader.java:45)
at org.ldaptive.ssl.X509CertificatesCredentialReader.read(X509CertificatesCredentialReader.java:31)
at org.ldaptive.ssl.AbstractCredentialReader.read(AbstractCredentialReader.java:52)
at org.ldaptive.ssl.X509CredentialConfig.createSSLContextInitializer(X509CredentialConfig.java:129)
at org.ldaptive.ssl.TLSSocketFactory.initialize(TLSSocketFactory.java:52)
at org.ldaptive.ssl.ThreadLocalTLSSocketFactory.getHostnameVerifierFactory(ThreadLocalTLSSocketFactory.java:98)
... 122 more
Caused by: java.io.IOException: Empty input
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:101)
... 129 more
I don't see anything in the ldaptive or CAS 4.1 docs that mention setting a format or other attribute for the cacerts file. Still using the default keystore password as well.
Thanks for any help in advance,
----
Allan Axon
Delivery Services, Enterprise Applications and GIS Manager
Information Technology Services
NC Department of Environmental Quality
919-707-8913
----
Email correspondence to and from this address is subject to the North Carolina Public Records Law and may be disclosed to third parties unless the content is exempt by statute or other regulation.
Daniel Fisher
Caused by: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
at org.ldaptive.ssl.X509CertificatesCredentialReader.read(X509CertificatesCredentialReader.java:45)
at org.ldaptive.ssl.X509CertificatesCredentialReader.read(X509CertificatesCredentialReader.java:31)
Axon, Allan
This is the configuration I'm using:
from deployerConfigContext.xml
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
<property name="credentialConfig">
<bean class="org.ldaptive.ssl.X509CredentialConfig"
p:trustCertificates="${ldap.trustedCert}" />
</property>
</bean>
from cas.properties (included is the link to the documentation I'm following)
# Putting this in based on example at http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html (LDAP Requiring Authentication)
#ldap.trustedCert=file:///c:/java/jre7/lib/security/cacerts
ldap.trustedCert=file:///c:/Program Files/Java/jdk1.7.0_21/jre/lib/security/cacerts
Don't know if I mentioned this is my first email, but I used the same configuration to connect to our test ldap server using ldaps and that worked. I'm now configuring for our production ldap server using ldaps and I get the error. I've imported root and intermediate certificates for both test and production ldap servers into the same cacerts files and did not have this problem when connecting to the test ldap server. Thanks in advance for any advice.
----
Allan Axon
Delivery Services, Enterprise Applications and GIS Manager
Information Technology Services
NC Department of Environmental Quality
----
Email correspondence to and from this address is subject to the North Carolina Public Records Law and may be disclosed to third parties unless the content is exempt by statute or other regulation.
--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
cas-user+u...@apereo.org.
Visit this group at
https://groups.google.com/a/apereo.org/group/cas-user/.
Daniel Fisher
This is the configuration I'm using:
from deployerConfigContext.xml
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
<property name="credentialConfig">
<bean class="org.ldaptive.ssl.X509CredentialConfig"
p:trustCertificates="${ldap.trustedCert}" />
</property>
</bean>
from cas.properties (included is the link to the documentation I'm following)
# Putting this in based on example at http://jasig.github.io/cas/4.1.x/installation/LDAP-Authentication.html (LDAP Requiring Authentication)
#ldap.trustedCert=file:///c:/java/jre7/lib/security/cacerts
ldap.trustedCert=file:///c:/Program Files/Java/jdk1.7.0_21/jre/lib/security/cacerts