Posted to dev@tomcat.apache.org by pradeep kumar immadisetty <i_...@hotmail.com> on 2007/01/20 13:57:59 UTC

ssl and tomcat

Hi....

I'm trying to change a user password in Active Directory. For this I use an SSL 
connection. I get the SSL connection to AD using Java code:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.ldap.InitialLdapContext;

// Point the JVM at the trust store that holds the AD server certificate
String keystore = "<java_home>/jre/lib/security/cacerts";
System.setProperty("javax.net.ssl.trustStore", keystore);

Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, adminName);
env.put(Context.SECURITY_CREDENTIALS, adminPassword);
env.put(Context.SECURITY_PROTOCOL, "ssl");
String ldapURL = "ldaps://mydc.speedrock.com:636";
env.put(Context.PROVIDER_URL, ldapURL);

// Bind over LDAPS; this is where the trust store is consulted
DirContext ctx = new InitialLdapContext(env, null);


I use this code in my web application, running on a Tomcat 5.5 server.

Steps:
1. Started my Tomcat server.
2. Attempt to change an Active Directory user password.
   At this time I'm not importing the AD server certificate into the cacerts file.
   In this situation it throws an exception.
3. Now I import the valid certificate into the cacerts file using the keytool 
   command:

   keytool -import -alias _xyzADCert -keystore <java_home>/jre/lib/security/cacerts -keypass changeit -storepass changeit -noprompt -file <java_home>/jre/lib/security/ca.cer

   When I run this command from the console, the certificate is imported 
   successfully.

4. Now I again attempt to change the password.
   In this situation it gives the same exception as before.

But when I restart the Tomcat server and attempt to change the password, it's 
working fine.


The same thing happens in the case of deleting a certificate.

Steps:
1. Start the Tomcat server.

2. Import the valid certificate using the keytool command:

   keytool -import -alias _xyzADCert -keystore <java_home>/jre/lib/security/cacerts -keypass changeit -storepass changeit -noprompt -file <java_home>/jre/lib/security/ca.cer

3. Try to change the password: working fine.

4. Delete the certificate using the keytool command:

   keytool -delete -alias _xyzADCert -keystore <java_home>/jre/lib/security/cacerts -keypass changeit -storepass changeit

   When I run this command the certificate is deleted from the cacerts file.
   For confirmation, I run this command once again; it gives an "alias does not 
   exist" message.

5. Now I re-attempt to change the password without restarting the Tomcat server.
   Instead of throwing an exception like "simple bind failed", the password is 
   updated on the server for the user.

6. But when I restart the Tomcat server, it gives the exception "simple bind 
   failed" when I try to change the password.

My target is, without restarting the server, to change the password successfully 
when I import the certificate and to throw an exception when I delete the 
certificate from the cacerts file.
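Both observations follow from JSSE reading the trust store named by javax.net.ssl.trustStore only once, when the default SSLContext is first initialised, and caching it for the life of the JVM; keytool edits to the file on disk are not seen until Tomcat restarts. One way to get the behaviour described above is to hand JNDI a socket factory that re-reads cacerts for each new LDAPS connection. This is an added example, not code from the original post; the class name, the cacerts path and the "changeit" password are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.ldap.InitialLdapContext;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical factory (not from the post): reloads cacerts for every new LDAPS socket.
public class ReloadingTrustSocketFactory {
    // Assumed path and password; point these at the real cacerts file.
    static final String TRUST_STORE = "<java_home>/jre/lib/security/cacerts";
    static final char[] TRUST_STORE_PASSWORD = "changeit".toCharArray();

    // The JNDI LDAP provider calls this static method whenever it opens a socket.
    public static SocketFactory getDefault() {
        try {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream in = new FileInputStream(TRUST_STORE);
            try {
                ks.load(in, TRUST_STORE_PASSWORD);   // re-read the file from disk
            } finally {
                in.close();
            }
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                    TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);                            // trust exactly what is in cacerts now
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            return ctx.getSocketFactory();
        } catch (Exception e) {
            throw new RuntimeException("cannot load trust store " + TRUST_STORE, e);
        }
    }

    // Same bind as the original post, but with the socket factory property set so
    // that a certificate deleted from cacerts is rejected on the next bind.
    public static DirContext bind(String adminName, String adminPassword) throws Exception {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, adminName);
        env.put(Context.SECURITY_CREDENTIALS, adminPassword);
        env.put(Context.PROVIDER_URL, "ldaps://mydc.speedrock.com:636");
        env.put("java.naming.ldap.factory.socket", ReloadingTrustSocketFactory.class.getName());
        return new InitialLdapContext(env, null);
    }
}
```

A connection that is already open keeps the trust decision made when it was established, so close the DirContext after each operation (and avoid JNDI connection pooling for this context) if deletions must take effect immediately.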


