Java: SSL connection to OpenLDAP fails

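I work locally on Linux Mint and have installed Ubuntu Server with OpenLDAP in VirtualBox. I have now configured TLS/SSL authentication following the guide below, but when I try to connect over SSL from Java: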

import java.io.UnsupportedEncodingException;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;    

public class GetAuthenticated    
{    
    public static void main( String[] args ) {
        int ldapVersion   = LDAPConnection.LDAP_V3;
        int ldapPort      = LDAPConnection.DEFAULT_PORT;
        int ldapSSLPort   = LDAPConnection.DEFAULT_SSL_PORT;
        String ldapHost = "192.168.1.46";
        String loginDN = "cn=admin,dc=company,dc=com";
        String password = "secret";    
        LDAPConnection conn = new LDAPConnection();

        simpleBind1( conn, ldapHost, ldapPort, loginDN, password );
        SSLBind( ldapVersion, ldapHost, ldapSSLPort, loginDN, password );
        System.exit(0);
    }

    private static void simpleBind1(LDAPConnection conn, String host,
                                    int port, String dn, String passwd ) {
        try {    
            System.out.println("Simple bind...");    
            // connect to the server
            conn.connect( host, port );    
            // authenticate to the server
            try {
                conn.bind( LDAPConnection.LDAP_V3, dn, passwd.getBytes("UTF8") );
            } catch (UnsupportedEncodingException u){
                throw new LDAPException( "UTF8 Invalid Encoding",
                                         LDAPException.LOCAL_ERROR,
                                         (String)null, u);
            }
            System.out.println((conn.isBound()) ?
                "\n\tAuthenticated to the server ( simple )\n":
                    "\n\tNot authenticated to the server\n");
                // disconnect with the server
            conn.disconnect();
        }
        catch( LDAPException e ) {
            System.out.println( "Error: " + e.toString() );
        }
        return;
    }

    private static void SSLBind( int version, String host, int SSLPort, 
                                                   String dn, String passwd ) {
        // Set the socket factory for this connection only
        LDAPJSSESecureSocketFactory ssf = new LDAPJSSESecureSocketFactory();
        LDAPConnection  conn = new LDAPConnection(ssf);
        try {
            System.out.println("SSL bind...");
            // connect to the server
            conn.connect( host, SSLPort);
            // authenticate to the server with the connection method
            try {
                conn.bind( version, dn, passwd.getBytes("UTF8") );
            } catch (UnsupportedEncodingException u){
                throw new LDAPException( "UTF8 Invalid Encoding",
                                         LDAPException.LOCAL_ERROR,
                                         (String)null, u);
            }
            System.out.println((conn.isBound()) ?
                "\n\tAuthenticated to the server ( ssl )\n":
                    "\n\tNot authenticated to the server\n");
            // disconnect with the server
            conn.disconnect();
        }
        catch( LDAPException e ) {
            System.out.println( "Error: " + e.toString() );
        }
        return;
    }
}

simpleBind1 works fine, but SSLBind does not work; I get the following error:

I/O Exception on host 192.168.1.46, port 636 (91) Connect Error
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:

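You need to add the server certificate to Java's keystore, since I assume it is self-signed.

You can use

openssl s_client -connect [hostname]:[port, e.g. 443] < /dev/null > /tmp/lb.cert

Then add the certificate to the keystore:

keytool -importcert -keystore [keystore location varies, but can be /etc/pki/java/cacerts] -storepass changeit -file /tmp/lb.cert -alias newSelfSignedKey -noprompt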