Secure LDAP problems

[Dmadzia]

OK, I am tired of beating my head against the wall, so I am asking for help. I
have a Windows 2000 server with MX6.1. I am currently using CFLDAP queries
without any problems using unsecure port 389). I am trying to secure the LDAP
communications with SSL. The certificate was signed by our Novell LDAP server
itself (we did not use an outside CA like Verisign.) I have added the
parameters PORT='636' SECURE='CFSSL_BASIC' to my CFLDAP tags. I keep getting
the error 'Connection to LDAP Server failed'. I found a Technote
([url]http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_19139[/url]) on
importing the cert with the keytool command. The certificate seems to import
without any problems, and I can view it with the 'keytool -list -keystore
cacerts -alias ldapserver-cert' command with no problems. I don't know what
else to try. I have googled high and low. I have downloaded the 'LDAP browser
by Jarek Gawor' applet and can connect securely to the LDAP server after
hitting 'This session Only' button to the 'Do you want to trust the following
CA certificate:....' What am I missing here? This can't be that difficult....
Thanks to anyone who can shed some light. Dan

[boogey__man]

Originally posted by: Dmadzia
OK, I am tired of beating my head against the wall, so I am asking for help. I
have a Windows 2000 server with MX6.1. I am currently using CFLDAP queries
without any problems using unsecure port 389). I am trying to secure the LDAP
communications with SSL. The certificate was signed by our Novell LDAP server
itself (we did not use an outside CA like Verisign.) I have added the
parameters PORT="636" SECURE="CFSSL_BASIC" to my CFLDAP tags. I keep getting
the error "Connection to LDAP Server failed". I found a Technote
([url]http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_19139[/url]) on
importing the cert with the keytool command. The certificate seems to import
without any problems, and I can view it with the "keytool -list -keystore
cacerts -alias ldapserver-cert" command with no problems. I don't know what
else to try. I have googled high and low. I have downloaded the "LDAP browser
by Jarek Gawor" applet and can connect securely to the LDAP server after
hitting "This session Only" button to the "Do you want to trust the following
CA certificate:...." What am I missing here? This can't be that difficult....
Thanks to anyone who can shed some light. Dan

I am having the same type of problem with securely connecting CFLDAP to a
Novell 6.5 box. I am running on Windows XP Professional with CFMX 7 and Apache
2.0.54. I have done everything mentioned in the previous post (including
beating my head against the wall) with no luck. The only other problem that I
am having is getting CF to use SSL, I get "JRun Connector Protocol Error." when
I enable SSL on CF. This happens whether Apache SSL is on or off.

Any help is appreciated.

Thanks
Chris Brown

[Dmadzia]

I was finally able to figure out my SSL problems. The Tech Notes do not
specially tell you the the KeyTool program inserts the certificate into a file
called cacerts in the SAME directory the KeyTool program resides. To get it to
work properly, I had to copy the existing CACERTS file under my Windows
C:\CFusionMX7\runtime\jre\lib\security directory to where the KeyTool lives
(C:\CFusionMX7\runtime\jre\bin on my server), run the Keytool program to insert
my certificate into the CACERTS file, then copy the CACERTS back to its
original directory (security directory). The Cold Fusion services then need
restarted.
That is how I was able to get mine working. Good Luck! Dan.