OpenDJ / OPENDJ-1056

Secure listener should not be created if proper keying material is not available


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.0, 2.5.0-Xpress1, 2.4.6, 2.4.5, 2.4.4, 2.4.3, 2.4.2, 2.4.1
    • Fix Version/s: 3.0.0
    • Component/s: core server
    • Environment: OpenDJ 2.5.0-Xpress1
    • Sprint: Sustaining Sprint 1, Sustaining Sprint 2

      Description

      If integration of a 3rd-party CA-signed cert is not done properly, this can cause SSL-related issues that are not easy to troubleshoot.

      Problem situation:

      The keystore used by the 'Key Management Provider' referenced by the LDAPS connection handler did not include a 'PrivateKeyEntry' but only a 'trustedCertificateEntry', for whatever reason.

      When OpenDJ starts up, the LDAPS connection handler creates a socket just fine; however, SSL connections fail because the keying material needed on the server side is missing.

      Inexperienced troubleshooters do not get much info if

      openssl s_client -connect OPENDJ_HOST:OPENDJ_LDAPS_PORT

      just fails with a one-liner.
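      A pre-flight check of the kind this issue asks for, written here as an added example (not OpenDJ code and not part of this issue): it parses `keytool -list` output for the keystore behind the LDAPS connection handler and refuses to call the keystore usable unless a PrivateKeyEntry is present. The `expected_alias` parameter, the KEYSTORE_PIN variable name and the sample listings are assumptions constructed for the example.

```python
"""Pre-flight check for an LDAPS listener: does its keystore hold a private key?
Parses non-verbose `keytool -list` output; the date column varies by locale, so
lines are split on commas instead of matched against a fixed pattern."""
import subprocess
from typing import Dict, Optional, Tuple


def parse_keytool_listing(listing: str) -> Dict[str, str]:
    """Map alias -> entry type from lines shaped '<alias>, <date>, <EntryType>,'
    (PrivateKeyEntry, trustedCertEntry, SecretKeyEntry); other lines are skipped."""
    entries: Dict[str, str] = {}
    for raw in listing.splitlines():
        fields = [f.strip() for f in raw.split(",") if f.strip()]
        if len(fields) >= 2 and fields[-1].endswith("Entry"):
            entries[fields[0]] = fields[-1]
    return entries


def keystore_usable_for_tls(listing: str, expected_alias: Optional[str] = None) -> Tuple[bool, str]:
    """Return (ok, reason): ok only if a PrivateKeyEntry exists and, when
    expected_alias is given (hypothetical parameter), that alias is one of them."""
    entries = parse_keytool_listing(listing)
    private = sorted(a for a, kind in entries.items() if kind == "PrivateKeyEntry")
    if not entries:
        return False, "listing contains no keystore entries"
    if not private:
        kinds = ", ".join(sorted(set(entries.values())))
        return False, f"no PrivateKeyEntry (only {kinds}); TLS handshakes will fail"
    if expected_alias is not None and expected_alias not in private:
        return False, f"alias '{expected_alias}' is not a PrivateKeyEntry; have {', '.join(private)}"
    return True, "PrivateKeyEntry present: " + ", ".join(private)


def list_keystore(path: str, storetype: str = "JKS") -> str:
    """Run keytool -list, reading the store password from the environment
    variable KEYSTORE_PIN (-storepass:env) so it never shows in the process list."""
    cmd = ["keytool", "-list", "-keystore", path, "-storetype", storetype,
           "-storepass:env", "KEYSTORE_PIN"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


# Constructed sample listings (not real keystores): the broken case from the
# issue (trust anchor only) and a keystore that also holds the server key.
BROKEN_LISTING = """Keystore type: JKS

ca-root, Jan 7, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
"""
GOOD_LISTING = BROKEN_LISTING + """server-cert, Jan 7, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC
"""
```

      Run `keystore_usable_for_tls(list_keystore(path), expected_alias=...)` before starting the server; a False result is the condition under which the listener should not be created.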

              People

              • Assignee: patrick diligent (patrickdiligent)
              • Reporter: Bernhard Thalmayr (bthalmayr)
              • Votes: 2
              • Watchers: 6
