LDAP SSL with its own JKS on IDP?

Byte Flinger byteflinger at gmail.com
Tue Oct 15 15:38:42 EDT 2013


Unfortunately it is not an option for me.
Is that a limitation of the product? Push comes to shove I could use the
java keystore but I'd rather keep it in a separate keystore if possible.
On Oct 15, 2013 9:24 PM, "Daniel Fisher" <dfisher at vt.edu> wrote:

> On Tue, Oct 15, 2013 at 8:42 AM, Byte Flinger <byteflinger at gmail.com> wrote:
>
>> Hi
>>
>> I have read the Shibboleth IDP wiki page on how to configure ldap ssl
>> using java's own keystore and my tests worked fine that way using ldaps
>> however I would like to use my own separate keystore somewhere else in the
>> disk.
>>
>> I tried using the "sslSocketFactory" on login.config to point to a JKS
>> but that gives me some IO errors, also pointing to just the crt of the CA
>> did not seem to work (Got certificate path errors even though I tried both
>> with the client certificate and the CA certificate immediately under it).
>>
>> Is it possible to use a separate keystore for both login and also for the
>> attribute connector?
>>
>> I should mention that this is on IDP 2.4 and that I am not using
>> StartTLS, it is a straight ssl connection to the ldap server.
>>
>
> This is much easier if you use StartTLS, is that an option?
>
> --Daniel Fisher
>
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>