we are trying to connect our portal server (2004s) to the corporate LDAP-Server (Novell) via SSL in read only mode.
Unfortunately due to our IT infrastructure the portal server can't see the LDAP-server directly. There is a router inbetween the two which translates the IP-address and the port of the LDAP server.
We entered all information the way the portal server sees the LDAP server (including a valid dialogue user) and we can ping to the LDAP server from the UNIX-machine the portal is running on. Connection tests from the portal's UI fail.
The problem seems to be that the portal server rejects the certificate of the LDAP-server. We found "Peer certificate is not trusted or expired" messages in the defaultTrace files.
Am I right in assuming that the handshake is meant to go as follows:
1. First the LDAP server sends its certificate
2. The portal server authenticates it.
3. The portal server sends user name and password.
If that is the case, how can we make the portal server accept the certificate from the LDAP server even though the portal only sees the router? We already imported the certificate of the LDAP-server to the portal's key store, but the way I see it the problem is the router inbetween the two.
Unfortunately, getting rid of the router is not an option. 😉
Thanks a lot in advance,
The LDAP server logs contain the following:
[07.05.2007 16:13:02.71] LDAP : New TLS connection 0xb78c110 from 10.64.6.244:56405, monitor = 0xb9c, index = 11
[07.05.2007 16:13:02.85] LDAP : Monitor 0xb9c initiating TLS handshake on connection 0xb78c110
[07.05.2007 16:13:02.85] LDAP : DoTLSHandshake on connection 0xb78c110
[07.05.2007 16:13:02.96] LDAP : TLS accept failure 1 on connection 0xb78c110, setting err = -5875. Error stack:
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate - SSL alert number 42
[07.05.2007 16:13:02.96] LDAP : TLS handshake failed on connection 0xb78c110, err = -5875
[07.05.2007 16:13:02.96] LDAP : BIO ctrl called with unknown cmd 7
[07.05.2007 16:13:02.98] LDAP : Server closing connection 0xb78c110, socket error = -5875
[07.05.2007 16:13:02.98] LDAP : Connection 0xb78c110 closed