StartTLS problem

Peter Schober peter.schober at
Thu Feb 28 09:46:09 EST 2013

* Rastko Isajev <risajev at> [2013-02-28 15:11]:
> I am facing problems because of StartTLS that is mandatory when
> Shibboleth is calling LDAP connection handler.

The Shibboleth software does not have such a requirement, but your DSA
might have.

If your LDAP server requires the use of TLS and your IdP's JVM cannot
trust the certificate, you need to fix one or the other:
Get a proper certificate onto the LDAP server or configure the IdP's
JVM so it has a valid trust path to the issuer of the LDAP server
certificate (e.g. by adding any missing CA or intermediary CA
certificates into the trust store).

Either way, Shibboleth has no role in this.
