
WAS4 and LDAPS - java.net.SocketException: SSL implementation not available


Pascal Noppe

Sep 25, 2003, 12:42:42 PM
Hi,

I try to access LDAP with the following code running on the WAS4 JRE:

import java.util.Properties;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;

// myUserId and myPassword are supplied by the caller
Properties props = new Properties();
props.put(javax.naming.Context.PROVIDER_URL, "ldap://myldap.domain.be:636");
props.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
props.put(javax.naming.Context.SECURITY_PRINCIPAL, myUserId);
props.put(javax.naming.Context.SECURITY_CREDENTIALS, myPassword);
props.put(Context.SECURITY_AUTHENTICATION, "simple");
// Request SSL on the connection to port 636
props.put(Context.SECURITY_PROTOCOL, "ssl");
javax.naming.directory.DirContext m_dirContext = new InitialDirContext(props);

I added the certificate to the keystore with the command
keytool -import -v -file ldapscert.der -keystore jssecacerts

The code sample above runs perfectly on a JSDK 1.4.2 JRE. No extra
configuration needed.

On the WAS4 JRE, however, I get the following stacktrace:

javax.naming.CommunicationException: myldap.domain.be:636. Root
exception is
java.net.SocketException: SSL implementation not available
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
at java.lang.reflect.Method.invoke(Native Method)
at com.sun.jndi.ldap.Connection.<init>(Connection.java:211)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:127)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2398)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:258)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:91)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:674)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:255)
at javax.naming.InitialContext.init(InitialContext.java:231)
at javax.naming.InitialContext.<init>(InitialContext.java:207)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:92)
at be.reference.flexims3.ldap.LDAPConnector.accessLDAP(LDAPConnector.java:187)
at be.reference.flexims3.ldap.LDAPConnector.authenticate(LDAPConnector.java:230)
at be.reference.test.pnoppe.Test.ldapTest(Test.java:306)
at be.reference.test.pnoppe.Test.main(Test.java:30)

How can I add the appropriate SSL implementation?
I tried to add providers with Security.addProvider() method but no
help there...

Thanks for your help,

Pascal

Pascal Noppe

Oct 3, 2003, 4:44:27 AM
Hi,

for the sake of the community I describe my way to the solution...

First of all, make sure that the certificate used is imported in the
correct keystore, otherwise you will get an 'unknown certificate'
NamingException.
The command for this is "keytool -import -v -file mycertificate.der
-keystore cacerts". The default keystore used is cacerts, with
password 'changeit'...
Oh, you can also use the IKeyman tool to do this (instead of the command
line).
Once you get past the unknown certificate problem, you probably
get the "java.net.SocketException: SSL implementation not available".

Secondly, make sure that the right Security Provider class is
registered.
Edit the java.security file in the same directory as your cacerts
file. Typically: WAS_HOME/java/jre/lib/security/java.security. The
following lines should be there:
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.jsse.JSSEProvider
Don't ask me why, but without any of these entries it does not work...
If you are testing outside WAS v4, make sure that ibmjsse.jar is in
the classpath of your java application. That's where the ibm
JSSEProvider is located...

With these configuration changes, the code sample below should work.

For the sake of completeness, I also ran into another problem:

javax.naming.CommunicationException: Request: 1cancelled
at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:59)
at com.sun.jndi.ldap.Connection.readReply(Connection.java:287)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:329)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:182)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2405)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:258)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:91)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:674)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:255)
at javax.naming.InitialContext.init(InitialContext.java:231)
at javax.naming.InitialContext.<init>(InitialContext.java:207)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:92)

This was because the SecureWay LDAP was configured with both server
and client-side SSL. Once the client-side SSL was disabled, everything
worked just fine...

hope this helps anyone,

pascal
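
The provider registration described in the post above can be checked from inside the JRE itself. The following is an added example, not code from the thread: it lists the providers loaded from java.security in order and reports whether any of them supplies an SSLContext, which is what the LDAP provider needs for an SSL connection. It assumes a Java 6 or later JRE; the class name JsseCheck is hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

/** Added diagnostic (hypothetical class, not from the thread). */
public class JsseCheck {

    /** Names of registered providers that offer an SSLContext service, in preference order. */
    static List<String> sslCapableProviders() {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SSLContext".equals(s.getType())) {
                    names.add(p.getName());
                    break; // one matching service is enough for this provider
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // 1. Providers as registered (the security.provider.N entries plus any added at runtime).
        Provider[] all = Security.getProviders();
        for (int i = 0; i < all.length; i++) {
            System.out.println("security.provider." + (i + 1) + " = " + all[i].getClass().getName());
        }

        // 2. An empty list here means no JSSE implementation is registered in this JRE.
        List<String> ssl = sslCapableProviders();
        System.out.println("Providers offering SSLContext: " + ssl);
        if (ssl.isEmpty()) {
            System.out.println("No JSSE provider registered; check java.security and the classpath.");
            return;
        }

        // 3. Confirm the default context and socket factory can actually be built.
        SSLContext ctx = SSLContext.getDefault();
        SSLSocketFactory factory = ctx.getSocketFactory();
        System.out.println("Default SSLContext: " + ctx.getProtocol()
                + " from provider " + ctx.getProvider().getName());
        System.out.println("Default cipher suites: " + factory.getDefaultCipherSuites().length);
    }
}
```

Run it with the same JRE and classpath as the application that makes the LDAP connection, since the provider list depends on both.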
