Patrick Steffes
2014-08-26 19:32:21 UTC
We recently had the need to set up a script attribute definition that needed
to query our LDAP Servers.
When attempting to configure LDAP over TLS/SSL in the ECMAScript, I found
that I was unable to specify a custom Java truststore using
'System.setProperty("javax.net.ssl.trustStore", "/path/to/jks")'. Running a
getProperties did show that the property was set before initializing the
socket factory and LDAPConnection but stracing showed that the custom jks
was never used.
We were able to resolve this by using the alternative method of setting the
trustStore at the command line in the Tomcat environment and in aacli.sh
with '-Djavax.net.ssl.trustStore=/path/to/jks'.
As all is working well, I'm just hoping to get some more information on if I
*should* be able to set this value in the script or if this is working as
expected? I'm guessing this is just due to my elementary understanding of
Java TLS/SSL so any documentation or additional info would be appreciated.
Thanks,
Patrick
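
Added example, not part of the original post: JSSE reads `javax.net.ssl.trustStore` when the JVM's default SSLContext is first created, so a `System.setProperty` call made later in a long-running JVM does not change a default context that already exists. The sketch below avoids the property entirely by building a dedicated SSLContext from the JKS file; the class name, method name and command-line arguments are assumptions for illustration.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; only standard JDK APIs are used.
public final class CustomTrustStoreFactory {

    /** Builds a socket factory that trusts only the certificates in the given JKS file. */
    public static SSLSocketFactory fromJks(String path, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trustStore.load(in, password); // password is used for the integrity check
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // A private context: independent of the JVM-wide default and its system properties.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Assumed arguments: <jks path> <jks password> <ldaps host> <port>
    public static void main(String[] args) throws Exception {
        SSLSocketFactory sf = fromJks(args[0], args[1].toCharArray());
        try (SSLSocket s = (SSLSocket) sf.createSocket(args[2], Integer.parseInt(args[3]))) {
            // Raw SSLSockets do not check the hostname unless asked to.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS");
            s.setSSLParameters(p);
            // Fails with SSLHandshakeException if the chain is not anchored in the JKS.
            s.startHandshake();
            System.out.println("Handshake OK: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

The returned factory can be handed to whichever LDAP client the script uses, provided that client accepts a caller-supplied `SSLSocketFactory`.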