如何在SpringLDAP中配置SSL?
我是SpringLDAP新手,在通过SSL连接到ldap时遇到了问题。 我正在使用SpringLDAP 2.0连接LDAP如何在SpringLDAP中配置SSL?,spring,ssl,active-directory,Spring,Ssl,Active Directory,我是SpringLDAP新手,在通过SSL连接到ldap时遇到了问题。 我正在使用SpringLDAP 2.0连接LDAP applicationContext.xml <context:property-placeholder location="classpath:ldap.properties" ignore- unresolvable="true"/> <ldap:context-source id="contextSource" password="
applicationContext.xml
<context:property-placeholder location="classpath:ldap.properties" ignore- unresolvable="true"/>
<ldap:context-source id="contextSource" password="${ldap.password}"
url="${ldap.url}" username="${ldap.userDn}" base="${ldap.base}" >
</ldap:context-source>
<ldap:ldap-template id="ldapTemplate" context-source-ref="contextSource" />
Entries from Ldap property file:
ldap.url=ldaps://eun4p3.stp-dev.st.com:636
ldap.userDn=CN=IP User,OU=AdminAccounts,DC=stp-dev,DC=st,DC=com
ldap.password=useme@123
ldap.base=OU=ST,OU=People,DC=stp-dev,DC=st,DC=com
ldap.clean=false
Caused by: org.springframework.ldap.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636; nested exception is javax.naming.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:578) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1836) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1857) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.findOne(LdapTemplate.java:1865) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at com.st.liotroevo.web.dao.UserADRepository.findBySamAccountName(UserADRepository.java:48) [classes:]
at com.st.liotroevo.web.service.UserService.findUserBySamAccName(UserService.java:75) [classes:]
at com.st.liotroevo.web.service.UserService.generateSamAccount(UserService.java:145) [classes:]
at com.st.liotroevo.web.service.UserService.populateUserBaiscADAttributes(UserService.java:101) [classes:]
at com.st.liotroevo.web.service.serviceImpl.IPRegistrationServiceImpl.createUser(IPRegistrationServiceImpl.java:48) [classes:]
... 39 more
Caused by: javax.naming.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) [rt.jar:1.7.0_21]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_21]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_21]
at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_21]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_21]
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
... 55 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882) [jsse.jar:1.7.0_21]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102) [jsse.jar:1.7.0_21]
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) [rt.jar:1.7.0_21]
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275) [rt.jar:1.7.0_21]
at java.io.BufferedInputStream.read(BufferedInputStream.java:334) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.Connection.run(Connection.java:849) [rt.jar:1.7.0_21]
... 1 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) [rt.jar:1.7.0_21]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) [rt.jar:1.7.0_21]
at sun.security.validator.Validator.validate(Validator.java:260) [rt.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) [jsse.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) [jsse.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323) [jsse.jar:1.7.0_21]
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) [rt.jar:1.7.0_21]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) [rt.jar:1.7.0_21]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) [rt.jar:1.7.0_21]
原因:org.springframework.ldap.CommunicationException:简单绑定失败:eun4p3.stp-dev.st.com:636;嵌套异常为javax.naming.CommunicationException:简单绑定失败:eun4p3.stp-dev.st.com:636[根异常为javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效认证路径]
位于org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
位于org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
位于org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
位于org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
位于org.springframework.ldap.transaction.compensing.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
位于org.springframework.ldap.transaction.compensing.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
在org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
在org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
在org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
在org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:578)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
在org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1836)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
在org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1857)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
在org.springframework.ldap.core.LdapTemplate.findOne(LdapTemplate.java:1865)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
在com.st.liotroevo.web.dao.UserADRepository.findBySamAccountName(UserADRepository.java:48)[类:]
在com.st.liotroevo.web.service.UserService.findUserBySamAccName(UserService.java:75)[类:]
在com.st.liotroevo.web.service.UserService.generateSamAccount(UserService.java:145)[类:]
在com.st.liotroevo.web.service.UserService.populateUserBaisCadAttribute(UserService.java:101)[类:]
在com.st.liotroevo.web.service.serviceImpl.IPRegistrationServiceImpl.createUser(IPRegistrationServiceImpl.java:48)[类:]
... 39多
原因:javax.naming.CommunicationException:简单绑定失败:eun4p3.stp-dev.st.com:636[根异常为javax.net.ssl.SSLHandshakeException:sun.security.validator.validator.ValidatorException:PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效认证路径]
在com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215)[rt.jar:1.7.0\u 21]
在com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)[rt.jar:1.7.0\u 21]
在com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:316)[rt.jar:1.7.0_21]
在com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)[rt.jar:1.7.0\u 21]
在com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)[rt.jar:1.7.0\u 21]
在com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)[rt.jar:1.7.0\u 21]
在com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)[rt.jar:1.7.0\u 21]
位于javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)[rt.jar:1.7.0_21]
在javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)[rt.jar:1.7.0\u 21]
在javax.naming.InitialContext.init(InitialContext.java:242)[rt.jar:1.7.0_21]
位于javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:153)[rt.jar:1.7.0\u 21]
位于org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
位于org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344)[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
... 55多
原因:javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX路径生成失败:sun.security.provider.certpath.SunCertPathBuilderException:找不到请求目标的有效证书路径
在sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[jsse.jar:1.7.0\u21]
位于sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)[jsse.jar:1.7.021]
在sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)[jsse.jar:1.7.0\u21]
在sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)[jsse.jar:1.7.0\u21]
位于sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341)[jsse.jar:1.7.021]
在sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)[jsse.jar:1.7.021]
位于sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)[jsse.jar:1.7.0\u21]
在sun.security.ssl.Handshaker.process_记录(Handshaker.java:804)[jsse.jar:1.7.0_21]
在sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)[jsse.jar:1.7.021]
Caused by: org.springframework.ldap.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636; nested exception is javax.naming.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadOnlyContext(TransactionAwareContextSourceProxy.java:61) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:309) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:642) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:578) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1836) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.find(LdapTemplate.java:1857) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.LdapTemplate.findOne(LdapTemplate.java:1865) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at com.st.liotroevo.web.dao.UserADRepository.findBySamAccountName(UserADRepository.java:48) [classes:]
at com.st.liotroevo.web.service.UserService.findUserBySamAccName(UserService.java:75) [classes:]
at com.st.liotroevo.web.service.UserService.generateSamAccount(UserService.java:145) [classes:]
at com.st.liotroevo.web.service.UserService.populateUserBaiscADAttributes(UserService.java:101) [classes:]
at com.st.liotroevo.web.service.serviceImpl.IPRegistrationServiceImpl.createUser(IPRegistrationServiceImpl.java:48) [classes:]
... 39 more
Caused by: javax.naming.CommunicationException: simple bind failed: eun4p3.stp-dev.st.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:215) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) [rt.jar:1.7.0_21]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_21]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_21]
at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_21]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_21]
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:42) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344) [spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
... 55 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1341) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) [jsse.jar:1.7.0_21]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) [jsse.jar:1.7.0_21]
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882) [jsse.jar:1.7.0_21]
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102) [jsse.jar:1.7.0_21]
at java.io.BufferedInputStream.fill(BufferedInputStream.java:235) [rt.jar:1.7.0_21]
at java.io.BufferedInputStream.read1(BufferedInputStream.java:275) [rt.jar:1.7.0_21]
at java.io.BufferedInputStream.read(BufferedInputStream.java:334) [rt.jar:1.7.0_21]
at com.sun.jndi.ldap.Connection.run(Connection.java:849) [rt.jar:1.7.0_21]
... 1 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) [rt.jar:1.7.0_21]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) [rt.jar:1.7.0_21]
at sun.security.validator.Validator.validate(Validator.java:260) [rt.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) [jsse.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) [jsse.jar:1.7.0_21]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) [jsse.jar:1.7.0_21]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1323) [jsse.jar:1.7.0_21]
... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) [rt.jar:1.7.0_21]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) [rt.jar:1.7.0_21]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) [rt.jar:1.7.0_21]
final String KS_PASSWORD = "dummy";
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, KS_PASSWORD.toCharArray());
CertificateFactory cf = CertificateFactory.getInstance("X.509");
try (InputStream cert = new URL("http://pki.yourcompany.intranet/root.pem").openStream()) {
Certificate certificate = cf.generateCertificate(cert);
ks.setCertificateEntry(certificateName, certificate);
}
File keystore = new File("truststore.jks").getAbsoluteFile();
try (FileOutputStream fos = new FileOutputStream(keystore)) {
ks.store(fos, KS_PASSWORD.toCharArray());
}
System.setProperty("javax.net.ssl.trustStore", keystore.getAbsolutePath());
System.setProperty("javax.net.ssl.trustStorePassword", KS_PASSWORD);