[midPoint] Fwd: AD configuration with LDAP Connector, ssl issue

Dilek Gider dilek.gider at basistek.com
Tue Apr 25 09:14:26 CEST 2017


Hi Brad,

I didn't get the certificate; our customer gave me a .cer file that contains
the certificate, the AD belongs to the customer.
But with that certificate, I can connect to AD on port 636 with Java code.

I imported that certificate into the midPoint keystore, and also into the Java SDK
keystore.
I added Java options to Tomcat to trust the midPoint keystore
(-Djavax.net.ssl.trustStore=.....)

On Tue, Apr 25, 2017 at 8:38 AM, Brad Fardig <brad.fardig at cogitogroup.com.au
> wrote:

> Hi,
>
> Just checking, did you add the domain controller's certificate to the key
> store?
>
> https://wiki.evolveum.com/pages/viewpage.action?pageId=15859743
>
> Regards,
>
> Brad
>
> *From:* midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On Behalf
> Of *dilek.gider at basistek.com
> *Sent:* Tuesday, 25 April 2017 3:03 PM
> *To:* Jason Everling <jeverling at bshp.edu>; midPoint General Discussion <
> midpoint at lists.evolveum.com>
> *Subject:* Re: [midPoint] Fwd: AD configuration with LDAP Connector, ssl
> issue
>
> Thank you for your reply. I created the keystore manually with the wiki.evolveum
> Keystore Configuration document. I don't know if midPoint creates the
> keystore by itself, automatically.
>
> ------ Original message------
>
> *From: *Jason Everling
> *Date: *Mon, Apr 24, 2017 18:41
> *To: *midPoint General Discussion;
> *Cc: *
> *Subject: *Re: [midPoint] Fwd: AD configuration with LDAP Connector, ssl
> issue
>
> From what I can see, it is showing 'unsupported ciphersuite' along with
> other ssl/tls startup errors. Did you let midPoint create the keystore when
> it first started up or did you manually create it? The midPoint team should
> be able to help further but I have never encountered that error before with
> midPoint. Only ssl chain errors, which are easily fixed, and I don't see those
> in your logs.
>
> JASON
>
> On Mon, Apr 24, 2017 at 7:26 AM, Dilek Gider <dilek.gider at basistek.com>
> wrote:
>
> Hi Again,
>
> Is there anybody to help me please? Details are below.
>
> ---------- Forwarded message ----------
> From: *Dilek Gider* <dilek.gider at basistek.com>
> Date: Thu, Apr 20, 2017 at 4:20 PM
> Subject: AD configuration with LDAP Connector, ssl issue
> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>
> Hi,
>
> I have a resource to AD from midPoint, with the LDAP Connector. You can find
> resource.xml as an attachment. I couldn't connect this resource with LDAP via
> SSL. I followed the
>
> https://wiki.evolveum.com/display/midPoint/Keystore+Configuration
>
> link and added the Tomcat Java options, but it doesn't work. I also added logs
> about this resource, error logs.
>
> I wrote a Java jar to connect to AD via SSL and executed it from the same
> location as my Java connector; it succeeded. But in midPoint it could
> not communicate with AD via SSL. Without SSL, it is communicating with AD
> from the LDAPConnector.
>
> I have Java 8_101, Tomcat 8.5.
>
> I have the certificate as a "cer" file, which I imported into both the Java
> cacerts and the midPoint keystore, and it is listed with my alias:
>
> Keystore type: JCEKS
> Keystore provider: SunJCE
>
> Your keystore contains 3 entries
>
> nlight, Mar 21, 2017, trustedCertEntry,
> Certificate fingerprint (SHA1): XXXXXXXXX
> default, Nov 30, 2016, SecretKeyEntry,
> tirsantest.local, Apr 19, 2017, trustedCertEntry,
> Certificate fingerprint (SHA1): XXXXXXXXXXXX
>
> Could you help me? I have been working on this problem for two weeks.
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
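An added diagnostic, not code from this thread or from midPoint, covering the two checks the thread never quite gets to: whether the .cer file is really the certificate keytool lists (an alias in `keytool -list` proves only that something was imported, so the fingerprint has to be compared), and whether a TLS client trusting only that certificate can complete a handshake to the domain controller on 636, which surfaces both chain-verification failures and the handshake/cipher failures Jason mentions. It uses only the Python standard library. The certificate path and the DC hostname are assumed command-line arguments, and every `SAMPLE_*` value is a constructed placeholder, not a real certificate or listing.

```python
"""Sanity checks for an LDAPS trust problem like the one in this thread.

Added example (not from the thread or from midPoint).  Standard library only.
Assumes: argv[1] is the customer's .cer (PEM or DER), argv[2] is the DC host.
The SAMPLE_* values are constructed test data, not a real certificate.
"""
import hashlib
import socket
import ssl
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def load_cert_der(data: bytes) -> bytes:
    """Return the DER bytes of a .cer given in either PEM or DER form.

    Windows CAs export both encodings under the same .cer extension and
    keytool accepts both, so a diagnostic has to as well."""
    if PEM_HEADER in data:
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data


def fingerprint(der: bytes, algo: str = "sha1") -> str:
    """Fingerprint in keytool's form (upper-case hex pairs joined by ':'),
    so it can be compared against 'keytool -list -v' output directly."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_keytool_listing(der: bytes, listing: str) -> bool:
    """True if the SHA1 fingerprint of `der` appears in a keytool listing,
    i.e. the entry under the alias is this file's certificate and not another."""
    return fingerprint(der, "sha1") in listing


def check_ldaps(host: str, ca_der: bytes, port: int = 636, timeout: float = 5.0) -> dict:
    """TLS handshake to host:port trusting only `ca_der`, mirroring a JVM
    whose -Djavax.net.ssl.trustStore holds just that one trusted entry.

    Hostname verification stays on, so a DC certificate whose subject/SAN
    does not match `host` fails here just as it would inside midPoint."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname
    ctx.load_verify_locations(cadata=ca_der)       # cadata accepts DER bytes
    result = {"host": host, "port": port, "ok": False,
              "protocol": None, "cipher": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result.update(ok=True, protocol=tls.version(), cipher=tls.cipher()[0])
    except OSError as exc:  # ssl.SSLError (verify failure, no shared cipher) is an OSError
        result["error"] = str(exc)
    return result


# Constructed sample: a byte blob standing in for a DER certificate, plus the
# PEM wrapping of the same blob as a CA would hand it out.  Not a real cert.
SAMPLE_DER = b"\x30\x82" + bytes(range(64))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

# Constructed keytool listing in the same shape as the one quoted in the thread.
SAMPLE_LISTING = (
    "Keystore type: JCEKS\nKeystore provider: SunJCE\n\n"
    "Your keystore contains 2 entries\n\n"
    "default, Nov 30, 2016, SecretKeyEntry,\n"
    "dc.example.test, Apr 19, 2017, trustedCertEntry,\n"
    f"Certificate fingerprint (SHA1): {fingerprint(SAMPLE_DER)}\n"
)

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} <cert.cer> <dc-hostname>")
    with open(sys.argv[1], "rb") as fh:
        der = load_cert_der(fh.read())
    print("SHA1  ", fingerprint(der, "sha1"))    # compare with keytool -list -v
    print("SHA256", fingerprint(der, "sha256"))
    print(check_ldaps(sys.argv[2], der))
```

The context in `check_ldaps` is built from `PROTOCOL_TLS_CLIENT` rather than `create_default_context()` on purpose: the default context would also load the system CA bundle, which hides exactly the question being asked (is this one .cer enough to trust the DC?). If the handshake succeeds here with the same file but the connector still fails, the trust material is fine and the remaining suspect is which JVM and which truststore the Tomcat process is actually reading; if it fails with a verification error, the file is neither the DC's certificate nor its issuer.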
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20170425/f92ca5a7/attachment.htm>


More information about the midPoint mailing list