On Fri, May 28, 2010 at 9:39 AM, s g <sirisha.kmb(a)gmail.com> wrote:
> javax.naming.CommunicationException: simple bind failed:
> vcheung-181.lab.xxxx.net:636 [Root exception is
> sun.security.validator.ValidatorException: Netscape cert type does not
> permit use for SSL server]
> at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197)
> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2658)
> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
You probably have your certs round the wrong way. The server cert (on the
ldap server) should have 'SSL Server' usage flag the client cert (on the
ldap client) should have 'SSL Client' usage flag.
The usage flags are embedded when you make the csr (certificate request)
which will then usually be reflected in the generated certificate, unless
your CA overrides them.
Do a "openssl x509 -in <cert file> -noout -text" to compare the two