[midPoint] Fwd: AD configuration with LDAP Connector, ssl issue

Jason Everling jeverling at bshp.edu
Tue Apr 25 16:31:52 CEST 2017


I didn't even think about this: did you install the Java Cryptography
Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8? That could
be the cause of your first error, the default key size. Original error:
Illegal key size

JASON

On Tue, Apr 25, 2017 at 9:19 AM, Jason Everling <jeverling at bshp.edu> wrote:

> Is this an actual domain controller? Are you sure that isn't just the
> domain?
> <gen493:host>tirsantest.local</gen493:host>
>
> It should contain an actual DC host, like
> <gen493:host>dc1.tirsantest.local</gen493:host>
>
>
>
> JASON
>
> On Tue, Apr 25, 2017 at 2:14 AM, Dilek Gider <dilek.gider at basistek.com>
> wrote:
>
>> Hi Brad,
>>
>> I didn't get the certificate myself; our customer gave me a .cer file that
>> contains the certificate, the AD belongs to the customer.
>> But with that certificate, I can connect to AD on port 636 with Java code.
>>
>> I imported that certificate into the midPoint keystore, and also the Java SDK
>> keystore.
>> I added Java options to Tomcat to trust the midPoint keystore (
>> -Djavax.net.ssl.trustStore=.....)
>>
>> On Tue, Apr 25, 2017 at 8:38 AM, Brad Fardig <
>> brad.fardig at cogitogroup.com.au> wrote:
>>
>>> Hi,
>>>
>>>
>>>
>>> Just checking, did you add the domain controller's certificate to the key
>>> store?
>>>
>>>
>>>
>>> https://wiki.evolveum.com/pages/viewpage.action?pageId=15859743
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> Brad
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From:* midPoint [mailto:midpoint-bounces at lists.evolveum.com] *On
>>> Behalf Of *dilek.gider at basistek.com
>>> *Sent:* Tuesday, 25 April 2017 3:03 PM
>>> *To:* Jason Everling <jeverling at bshp.edu>; midPoint General Discussion <
>>> midpoint at lists.evolveum.com>
>>> *Subject:* Re: [midPoint] Fwd: AD configuration with LDAP Connector,
>>> ssl issue
>>>
>>>
>>>
>>> Thank you for your reply. I created the keystore manually following the Evolveum
>>> wiki Keystore Configuration document. I don't know whether midPoint creates the
>>> keystore by itself, automatically.
>>>
>>>
>>>
>>> ------ Original message------
>>>
>>> *From: *Jason Everling
>>>
>>> *Date: *Mon, Apr 24, 2017 18:41
>>>
>>> *To: *midPoint General Discussion;
>>>
>>> *Cc: *
>>>
>>> *Subject:* Re: [midPoint] Fwd: AD configuration with LDAP Connector,
>>> ssl issue
>>>
>>>
>>>
>>> From what I can see, it is showing 'unsupported ciphersuite' along with
>>> other SSL/TLS startup errors. Did you let midPoint create the keystore when
>>> it first started up, or did you manually create it? The midPoint team should
>>> be able to help further, but I have never encountered that error before with
>>> midPoint, only SSL chain errors, which are easily fixed, and I don't see that
>>> in your logs.
>>>
>>>
>>>
>>>
>>> JASON
>>>
>>>
>>>
>>> On Mon, Apr 24, 2017 at 7:26 AM, Dilek Gider <dilek.gider at basistek.com>
>>> wrote:
>>>
>>> Hi Again,
>>>
>>>
>>>
>>> Is there anybody who can help me, please? Details are below.
>>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: *Dilek Gider* <dilek.gider at basistek.com>
>>> Date: Thu, Apr 20, 2017 at 4:20 PM
>>> Subject: AD configuration with LDAP Connector, ssl issue
>>> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>>>
>>> Hi ,
>>>
>>>
>>>
>>> I have a resource to AD from midPoint, with the LDAP Connector. You can find
>>> resource.xml as an attachment. I couldn't connect to this resource with LDAP via
>>> SSL. I followed
>>>
>>>
>>>
>>> https://wiki.evolveum.com/display/midPoint/Keystore+Configuration
>>>
>>>
>>>
>>> link and added the Tomcat Java options, but it doesn't work. I also added logs
>>> about this resource, error logs.
>>>
>>>
>>>
>>> I wrote a Java jar to connect to AD via SSL and executed it from the same
>>> location as my Java connector; it succeeded. But in midPoint it could
>>> not communicate with AD via SSL. Without SSL, it is communicating with AD
>>> from the LDAP Connector.
>>>
>>>
>>>
>>> I have Java 8u101 and Tomcat 8.5.
>>>
>>> I have the certificate as a .cer file; I imported it into both the Java cacerts and
>>> the midPoint keystore, and it is listed under my alias:
>>>
>>> Keystore type: JCEKS
>>> Keystore provider: SunJCE
>>>
>>> Your keystore contains 3 entries
>>>
>>> nlight, Mar 21, 2017, trustedCertEntry,
>>> Certificate fingerprint (SHA1): XXXXXXXXX
>>> default, Nov 30, 2016, SecretKeyEntry,
>>> tirsantest.local, Apr 19, 2017, trustedCertEntry,
>>> Certificate fingerprint (SHA1): XXXXXXXXXXXX
>>>
>>>
>>>
>>> Could you help me? I have been working on this problem for two weeks.
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>
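The three things this thread checks by hand (whether the JVM is still limited to 128-bit keys, which is what "Illegal key size" means on Java 8 before 8u161 without the JCE policy files; which trustedCertEntry aliases the midPoint JCEKS keystore actually holds and what names their certificates carry; and whether a TLS handshake to the DC succeeds with hostname verification, so that a bare domain name in `<host>` is caught) can be done in one small diagnostic. The program below is an added example written for this page; it is not part of midPoint, the LDAP connector, or the Java jar the poster mentions. The keystore path, password, DC host and port are command-line arguments and are assumptions, as is the class name `LdapsTrustCheck`.

```java
// LdapsTrustCheck.java - added diagnostic example, not midPoint or LDAP connector code.
// Usage: java LdapsTrustCheck <keystore.jceks> <password> [dc-host] [port]
// With only the keystore and password it runs fully offline; with a host it also
// performs the LDAPS handshake the connector would perform.
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class LdapsTrustCheck {

    /** Step 1: is this JVM restricted to 128-bit symmetric keys? */
    static boolean unlimitedCrypto() throws Exception {
        // Integer.MAX_VALUE means unrestricted; 128 means the limited policy is in
        // effect, which is what makes AES-256 cipher suites fail with "Illegal key size".
        return Cipher.getMaxAllowedKeyLength("AES") > 128;
    }

    /** Step 2: load the JCEKS keystore Tomcat is told to trust and list its trust entries. */
    static KeyStore loadKeystore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) {
                // e.g. the "default" SecretKeyEntry midPoint keeps for its own encryption
                System.out.println("  " + alias + ": not a trustedCertEntry (skipped)");
                continue;
            }
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            System.out.println("  " + alias + ": " + cert.getSubjectX500Principal());
            // The value used in <host> must match one of these names, not the bare domain.
            if (cert.getSubjectAlternativeNames() != null) {
                for (List<?> san : cert.getSubjectAlternativeNames()) {
                    System.out.println("      SAN: " + san.get(1));
                }
            }
        }
        return ks;
    }

    /** Step 3: TLS handshake against the DC using only this keystore as trust, with hostname check. */
    static void handshake(KeyStore trust, String host, int port) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters params = sock.getSSLParameters();
            // Verify the certificate name against the host we connected to, as an LDAPS client should.
            params.setEndpointIdentificationAlgorithm("LDAPS");
            sock.setSSLParameters(params);
            sock.startHandshake();
            System.out.println("Handshake OK: " + sock.getSession().getProtocol()
                    + " " + sock.getSession().getCipherSuite());
            Certificate[] chain = sock.getSession().getPeerCertificates();
            System.out.println("Server cert: "
                    + ((X509Certificate) chain[0]).getSubjectX500Principal());
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java LdapsTrustCheck <keystore.jceks> <password> [dc-host] [port]");
            System.exit(2);
        }
        System.out.println("Unlimited-strength crypto: " + unlimitedCrypto());
        System.out.println("Trust entries in " + args[0] + ":");
        KeyStore ks = loadKeystore(args[0], args[1].toCharArray());
        if (args.length > 2) {
            int port = args.length > 3 ? Integer.parseInt(args[3]) : 636;
            handshake(ks, args[2], port);
        }
    }
}
```

Run it with the same JVM that runs Tomcat (the one the `-Djavax.net.ssl.trustStore` option points at), since that is the JVM whose crypto policy and keystore matter; a handshake that succeeds from a different JDK, as in the poster's standalone jar, proves nothing about the Tomcat one. If `unlimitedCrypto()` prints `false`, the JCE policy files are the first thing to fix; if the handshake fails with a hostname mismatch, `<host>` needs the DC's real name as shown in the SAN list.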

