N95. Installing personal certificate to enable MfE

Similar Messages

• How to install personal certificate on N95?

  Hi,
  Does anyone know how to install a personal certificate on the N95? I need to connect to my office WLAN using Radius authentication. I have tried to bluetooth the .cer file to the phone and it does not recognize the file or install it. I am familiar with all of the WPA settings (EAP-Peap-MSCHAP v2....etc) which do not work or seem to work without the personal cert.
  Thanks,
  Greg

  I also need to import a personal certificate on a N95 for synchronization with the company exchange server.
  I tried to import thru bluetooth in a .p12, .cer format. I tried also to modify the certificate with openSLL.
  It seems that is not possible to import personal certificate exported from the exchange server on a N95!!
  The support site answered me just to import it in a .p12 format. I'm not dummy, I know what I did, I just become a message that the file is corrupt, but I can use this certificate on all other mobiles!
  I will change to a Sonyericsson P1, or do someone know how to solve the problem? Also the support didn't tell me when there will be a version 13 of the firmware, if the problem is known and if is possibile to downgrade to version 10.

• Installing "Personal Certificates"?

  The Safari Help file (in the "About Certificates" topic) says:
  "If you need to connect to a website that requires a personal certificate, you'll be provided with a certificate and instructions for installing it."
  Anyone figure out what those instructions might say? Or is the lack of support a beta "feature"?
  TIA

  Safari uses standard Windows certificates implementation, so you should read about it in Windows documentation, for example: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/c ert_ovr.mspx?mfr=true

• I am unable to access sites which require an ssl certificate. I have installed the certificates and enabled access by applications.

  Firefox 8 does not ask for the certificate, it simply refuses to display the page. Running an asus transformer on android 3,on my desktop accessing the same site firefox asks me to choose the certificate. Initially I was asked to install the certificates,firefox mobile does not ask. Android lets me install the certificate

  I'd recommend reposting in the Boot Camp forum, that is where the Boot Camp and Windows gurus hang out.
  Good luck.

• Although i have imported my Personal Certificates into Firfox successfully, they except one, don't show up in certificate manager. I have installed Penango also.

  Hello,
  I wish to describe the problem with the display of imported certificates in certificate manager in the latest version of firefox.
  Here is the sequence of events as it occurred -
  1. Few weeks back i installed my Personal Certificate which was automatically visible in the Certificate Manager of Firefox.
  2. Few days back i installed Penango.
  3. Two days back i installed Comodo free email certificate in Internet Explorer. Then i exported it (Personal Information Exchange with key & with chain) to a folder. Then i opened the Certificate Manager in Firefox and imported it successfully along with the keys (as per the window notification during importing). However the certificate is not visible in the certificate manager of Firefox.
  Kindly help in resolving this issue.
  Thanks.

  Yes, i have checked according to "Tools > Options > Advanced : Encryption: Certificates - View Certificates ". Only one of my personal certificate is shown. In total i have 4 personal digital certificates. All 4 are shown in the certificate manager of my other browsers (Internet Explorer 8 and Google Chrome).
  And yes another import of the other three certificates showed that the they are already installed.
  If you need any more information please feel free to ask me.
  Thanks for your help.

• Cannot log anyone onto one computer due to personal certificate error

  I have a client who just deployed Lync with Office 365. On one user's computer, no one can log into Lync. If she goes to any other computer, she can log in fine. If another user tries on her computer, they get the same error. It's the error about a personal
  certificate. I went through the troubleshooting wizard, deleting the SIP folder, and deleting all the certificates associated with Office or otherwise generated the same day as the Lync install. But it did not work. Tried uninstalling and reinstalling several
  times, with no success. They are using a reseller from Office 365, and contacting their engineers, THEY were unable to assist. Is there anything else to check? The user stated when she saw other people first log in, they had a pop up to accept a certificate.
  But she never got one on her computer.

  Hi,
  On Lync client, OptionàPersonalàclick Advanced...button
  beside Sign-in address, check if you choice “Automatic configuration”. If not, change to it and then test again.
  Please also reg delete HKCU\Software\Microsoft\Office\15.0\Lync\[email protected] /f.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Why do we have to install a certificate, put a pin in the lockscreen?

  I tried to install a certificate, but are asked to put a PIN, leave the place the PIN you can enable the sliding mode lockscreen! In GB, this process was very simple, and does not alter the method of lockscreen. How to activate the certificate without changing the lockscreen??

  it seems that there isn't a way around it, I would check the market for a third party lock
  LOCK SCREEN
  https://market.android.com/details?id=com.teslacoilsw.widgetlocker&feature=search_result#?t=W251bGws.....
  ICS Lockscreen HD
  https://market.android.com/details?id=com.dj.golocker.theme.icecream&feature=search_result#?t=W251bG...
  https://market.android.com/details?id=dcombl.golocker.ics&feature=related_apps#?t=W251bGwsMSwxLDEwOS...
  Lucent Lock Screen
  https://play.google.com/store/apps/details?id=com.whitegorillamedia.lockscreen&feature=search_result....
  Extended Controls
  https://play.google.com/store/apps/details?id=com.extendedcontrols&feature=related_apps#?t=W251bGwsM.....
  Don't forget to mark the Correct Answers & Helpful Answers
  "I'd rather be hated for who I am, than loved for who I am not." Kurt Cobain (1967-1994)

• E61 cannot import personal certificate

  Hello,
  I can't import personal certificate. I have personal certificate in p12 (pkcs12) format and it can be imported into firefox without any issues. However when I open this certificate on E61 I am asked for:
  password for my certificate - I enter correct one
  E61 proceeds to to Screen where it says:
  File contains:
  1 private key
  1 personal certificate
  1 authority certificate
  Save? When I click on save I get message:
  Private key corrupted!
  then it proceeds to CA which works fine.
  What I am doing wrong? Kindly assist as this is show stopper in 170K+ employees company.

  Hi,
  I'm not only unlucky, I'm frustrated! :-(
  I've got exactly the same problem. Modell: E65.
  In our company around 50000 users are already using personal certificates, generated using an openssl pki framework.
  Installing/migrating/running a Windows-PKI instead, only for importing P12-Files into our Nokia mobile's is not a solution nor an option.
  All our user-certificates (Server-,Client-,Multi-Level-CA-Certificates) are working fine within standard-protocols and standard applications (e.g. IMAPS, VPN/IPSec, WPA-EAP-TTLS/TLS, HTTPS, LDAPs,...), even within Microsoft's client-appilcations (IE / Outlook) there are no problems importing / using them for encryption, authentication or signing purposes.
  So there should be no problem, regarding the import into a E65?!
  I tried to convert some demo-certificates various ways, exported, converted them to DER, build different P12-formated files but not chance: the E65 always reports "File corrupted".
  I also followed the instruction found under
  https://blogs.forum.nokia.com/view_entry.html?id=412
  So I tried to download a p12-Container directly from a test-webserver using the correct mime-type, no luck: Corrupted File!
  But on the other hand, any p12-file, which the E65 says is corrupted, could be imported into IE/Firefox/Outlook/Thunderbird (the later two on windows & linux plattforms) or opened/investigated using openssl (0.9.8c and 0.9.8d) on the command line without any problems.
  The hint (two posts above), creating certificates using MS-AD-integrated PKI gave me a small hope again. (Please do not understand me wrong, migrating all our user/server certs and PKI-Infrastructure to MS is completly impossible, but a small test will show whether out p12-Files cause the corruption problems).
  So I imported (doubleclick, windows wizard...) the openssl-generated p12 into IE (flagged "exportable") without problems. Right after the import, I exported it various ways (e.g. w/o stong encryption) into a MS-pfx (aka p12) formated file. Renamed the suffix from pfx to p12 and gave it to openssl for processing / investigation:
  openssl pkcs12 -in testuser.p12 -info
  Enter Import Password:
  MAC Iteration 2000
  MAC verified OK
  PKCS7 Data
  Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
  Bag Attributes
  localKeyID: 01 00 00 00
  friendlyName: {EE88EF5C-5404-487C-AB22-AA56E79D447C}
  Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
  Key Attributes
  X509v3 Key Usage: 10
  Ok the content seems to be in "Microsoft CSP" format!!! (remembering two posts earlier, that's the container-format MS-PKI produces, so a successfull import of this file should be possible?!.... No way either!!! "File corrupted!"
  Another point: during my first p12 import try I used a corporate-standard-p12 file, that means, it contains:
  1 x User-Cert
  1 x User-Key
  1 x Intermediate-level-CA-Cert
  1 x Root-level-CA-Cert
  The E65 successfully imported the two CA-Certs, ask for a name and stored them under "Authorities". They are accessible within S60 (Security->certif.manag) and anything is fine with them. But the also contained user-certificate and the user-key resulted in "File Corrupted!". :-(
  So, for me in the moment it looks really that there is a bug in S60-3rdEd. (E65). Our certificate-containers are as far as I can say completly standard conform all software (opensource/closed source) can read/import our p12-contents without problems, even the E65 can partialy (CA-Certs) read the p12 contents (but not the user-cert/key). :-(
  I would be very happy if someone else can confirm the above results and even more happy if someone else can give me more ideas where to look for a possible solution.
  What I'm missing is an exact specification from Nokia/Symbian, regarding the P12 contents. That means, Certificate/Key Encryption, Formats, Hash-Algorithms, Iterators, Mac-Iterators, and so on... If such an specification would be available/accessible chances are good to be able to generate a valid p12 file containing importable private keys. Information like DER/PEM and mime-type that's by far not enough.
  Because I was not able to find such details specs, all I can offer in the moment is to generate test certificates and p12-container-files for further in-deep debugging?!
  If it is not a bug of S60-3rdEd. perhaps someone else reading this thread can offer a MS-PKI-generated (and of course successfully imported ins S60) p12-File (even revoked should not be a problem) with all passphrases for download, so I can try to investigate in deep the formats and the differences?
  Many thanks for your help!
  Cheers
  Krum

• Having problem getting installed root certificate to work

  We have a recerse proxy set up with an SSL certificate singed by our local CA.  We are trying to connect to this reverse proxy from iPad over 3G connection.
  Initially, we received the error "Safari cannot open the page because it could not establish a secure connection to the server".  Reading up on this, realized that we needed to install the CA root certificate as a trusted root on the device.
  Got iPhone Configuration utility, set up a configuration profile for the sole purpose of installing the certificate, added the certificate through Credentials section, and assigned the profile to the device.  I can see the certificate updated to the device through General>Profiles and can confirm that it IS the root certificate used to general the SSL certificate on the proxy.
  Even after application to the iPad (tried on iPhone also), attempt to access our proxy server from the iOS device fails with the same error.
  It is interesting to note, that on a personally owned iPad, instead of the error noted, I received a pop-up indicating the certificate was unknown, and I was presented with options to "Cancel, Details, Continue".  Clicking on "Details", I was allowed to view the certificate properties, and ALSO had a button to "Accept".  Hitting "Accept" installed the certificate as trusted, and I get through the proxy server just fine.  Only problem now is that if I *want* to re-create the prompt, I have no way, as I've found no way to remove certificates from the iPad unless installed via configuration profile.
  We've checked and double-checked, and the certificates all "line up" to the correct CA.
  Any ideas where I night be going wrong?
  Thanks!

  New clue....
  I only have the problem of not connecting to the proxy server if I'm using a 3G connection.  If I turn on wi-fi, connect to an access point, the installed root certificates do their job, and I connect just fine.
  Anyone know of potential problems with SSL certificates over 3G?

• Personal Certificate Store in iPCU

  Does anyone know a way to sort certificates when selecting them from the iPCU? The store displays ALL certs, instead of just personal ones. It's rather time consuming searching for one certificate through the hundreds imported into a system within a PKI environment. The goal is to either sort alphabetically or  display certs from the "Personal" group of the certmgr.msc only. Maybe a registry hack?
  For clarification, take a look at the fourth screenshot at http://wiki.cacert.org/Technology/TechnicalSupport/EndUserSupport/OperatingSyste ms/iOS. It's titled Personal Certificate Store yet displays certs from the "Third-party Root CA" and "Other People" groups of certmgr.msc.
  Using the latest iPCU version available. Windows 7.

  As far as I know this is not possible. The IPCU displays the certificates by install order (I believe).

• EAP personal certificate 5800

  Hi i have been trying to use the wireless at my college with my nokia 5800 but it seems that the certificates that the college provides are not working with my phone. I have been able to load the .cer file into the authority certificate but im failing with the personal certificate (.pem extension). Whenever i try to save it to my phone it only attaches it to the notes and according to the IT department the personale certificates are required to use the 802.x that the college provides.
  Any ideas how can i get the .pem file to work in the phone? 
  Thanks for the help! 

  fmartell wrote:
  Hi i have been trying to use the wireless at my college with my nokia 5800 but it seems that the certificates that the college provides are not working with my phone. I have been able to load the .cer file into the authority certificate but im failing with the personal certificate (.pem extension). Whenever i try to save it to my phone it only attaches it to the notes and according to the IT department the personale certificates are required to use the 802.x that the college provides.
  Any ideas how can i get the .pem file to work in the phone? 
  Thanks for the help! 
  You would need to convert your personal certificate from it's current PEM format to PKCS#12 (.pfx) format. PKCS#12 format should be installable on the phone assuming that content and capabilities of the certificate and the private key itself are compatible with the phone. PKCS#12 file will be single password protected .pfx file (a container) including both the private key and personal certificate. Sometimes PKCS#12 .pfx file may also include the CA certificate(s) so that CA certificate don't need to be installed separately from the personal certificate.
  Conversions between different certificate file formats can be done with OpenSSL. OpenSSL is a open source command line tool for handling various certificate related operations. It is rather complex and powerful set of tools but e.g. a conversion between PEM and PKCS#12 format is typically not too difficult to do once you have a PC with OpenSSL available. Of course using command line based tools like OpenSSL will require certain amount geekiness but nothing too extreme.
  If you feel comfortable to give OpenSSL conversion a try you can find OpenSSL installation package for Windows e.g. by googling "Win32 OpenSSL" and installing it on a Windows PC. I think that the "light" Win32 version of the OpenSSL installation packages provided by the Shining Light Productions web page should be sufficient enough for a simple conversion task like this. Once you have the OpenSSL installed and functional on a PC you can proceed to the actual conversion. In case you have access to a Linux PC it might already have the OpenSSL installed if your locky. Point is that you don't necessarily need to have a Windows version of the OpenSSL to do this conversion but basically any PC with OpenSSL should be good for the task.
  First you should propably take a look at your PEM file with text editor (e.g. open with Wordpad on a Windows PC) and see if the PEM file contains both "BEGIN / END PRIVATE KEY" and "BEGIN / END CERTIFICATE" tags with some code between the BEGIN and END tags since this indicates that both private key and the actual certificate are included in this single PEM file you have received.
  If your PEM file does not contain the "PRIVATE KEY" section then you should also have received a separate private key file (named .key .pvk .pem or something else) in addition to the "certificate only" PEM file from the people who provided the certificate.
  Copy your PEM formatted certificate file(s) to your PC with the OpenSSL, start the command line and go to the folder where your certificate files are located. Assuming that your PEM file includes both the certificate and the private key then these can be converted to PKCS#12 format using following OpenSSL command:
  openssl pcks12 -export -in yourcertificate.pem -out yournewcertificate.pfx
  After entering this command OpenSSL will prompt you to provide a password that will be used for protecting the new PKCS#12 (.pfx) file. Select and enter a password (twice) and note that you will need to remember this later when installing the resulting .pfx file on your phone.
  In case you have a separate private key file in addition to personal certificate PEM file then format of the OpenSSL command that creates a single PKCS#12 pfx file (containing both private key and personal certificate) would be something like this:
  openssl pkcs12 -export -in yourcertificate.pem -inkey yourprivatekey.pvk -out yournewcertificate.pfx
  Naturally you need to replace the filenames in above example following the "-in" and "-inkey" options with the actual names of your files and you should define a filename for the resulting .pfx file after the "-out" option (ensure that you won't end up overwriting the existing PEM file and keep a copy of it in some other folder in any case).
  It's important to note that you must have both the personal certificate and it's private key installed on the phone in order to be able to use your personal certificate for EAP-TLS authentication (these are both most likely included in your PEM file). Naturally you will also need to have the Certificate Authority certificate installed on the phone but it sounds that you had already managed to install that one. The PEM file (like PFX file) might also contain the both the CA certificate and personal certificate so don't worry if you get "certificate already installed" type of warning when installing the PKCS#12 (.pfx) file on the phone later since it means that your original PEM file also contained the CA certificate which got automatically included to .pfx file during the conversion and since you had already previosly installed the same CA certificate phone just notes that this CA is already installed.
  Once you have successfully converted your personal certificate and private key in to the PKCS#12 (.pfx) file format then you should be able to copy the resulting .pfx file (created by OpenSSL) to your phone and hopefully install it on the phone.
  Note that your phone will ask you to define a "phone key store" password (select a password you wish and enter it twice) when you are installing first "personal certificate" on your phone. Once you have created the phone key store password you will be prompted for the password of the PKCS#12 (.pfx) file so this is the password that you entered during the OpenSSL conversion.
  Ensure that you will also remember your newly created private key store password since it will be prompted by the phone later when this particular personal certificate is being used for the EAP-TLS authentication.
  If you managed to install your personal certificate (and the private properly) then you should be able to go to your access point's EAP-TLS settings and select your certificateas a personal certificate and select the previously installed CA certificate as a Certificate Authority for the EAP-TLS authentication.

• Installing SSL certificate Windows Server 2012R2 RDSH servers

  Hello,
  I'm currently in the final fase of installing an functional Remote Desktop (Windows Server 2012R2) environment. The only problem i have, which i try to complete several days now without any luck, is the installation of our WildCard SSL certificate on de
  Remote Desktop Session Host servers (farm).
  We have 1 gateway server which is also the connection broker. On this server i have installed (using the Deployment Properties of the Session Collection) the certificate on all available levels. But still, when i try to connect to our Remote Desktop Servers
  i get the automatically created certificate from the Remote Desktop Session Host servers. The certificate works for all the other functions (gateway etc.)
  The servers are joined to the domain, and the wildcard certificate = *.zon-ict.nl.
  Below the screenshot of the deployment settings.
  Can someone point me in the right direction for installing the certificate on the RDSH servers?

  Hi,
  Thank you for posting in Windows Server Forum.
  Basic requirements for Remote Desktop certificates:
  1. The certificate is installed into computer’s “Personal” certificate store. 
  2. The certificate has a corresponding private key. 
  3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
  Please follow beneath article for details.
  Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
  http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Personal certificates disappear after upgrade to FF35

  All personal certificates for loggin on sites doesn't shown - empty storage. Sites saying "You have no certs installed".
  When I import cert from backup and enter right password I see window "Alert! ... imported successful", but no cert appears at "View certs" - Personal. When I do enter wrong pass importing cert I have an error (so ok).
  Linux 3.13.0-44-generic #73-Ubuntu SMP Tue Dec 16 00:23:46 UTC 2014 i686 i686 i686 GNU/Linux
  Any ideas? Thanks!

  ''guigs2 [[#answer-681201|said]]''
  <blockquote>
  Do they appear in any other section of the View Certificates option under Options > Advanced > Certificates?
  Please also take note of the type of security certificates that you are importing: [https://blog.mozilla.org/security/]
  </blockquote>
  They was there, but not now. (Preferences > Advanced > Certificates > View Certificates). As importing says Ok, I think certs present in storage but cannot be shown/accessed...
  And yes, I have other rarely used FF profile for tests, it was upgraded too and never has personal certificates. Importing there the same cert.p12 was successful and I can see it and log into needed site!
  So smth wrong with big profile for work.

• Password parameter not working while Installing the certificate hosted on a Web Application Server

  Hi,
  We are trying to secure our SAP BI Mobile connection with certificates. According to the manual we are storing a password protected certificate on a network location.
  On our ipad when I open the link: (according to manual: Administrator and Report Designer's Guide , chapter  4.14.2.1 Installing the x509 Certificate on Device)
  SAPBI://action=downloadcert&certurl=<Download URL>&Password=abc123
  It should open and install the certificate in the app without asking for the password. But thats not working. It does ask for the password. So I can access the certificate location and after entering the password it works. But I am giving the password parameter in the link so why is this not working?
  The guide is a bit contradictory, and I quote:
  "If you access the second link above: The application is launched and the certificate file is downloaded from the URL location (certurl).
  The certificate is directly installed on the device."
  But second quote:
  "NOTE:
  Since the password is already included in the URL, the application does ask the user for the password...."
  My question: what is the use of this password parameter if you still have to enter it manually?
  Does anybody know if this should work, and what I  might be doing wrong?

  Hi , i am facing the same issue. I'll open a incident.
  Martin

• How to install a certificate in OC4J

  Hi I want to connect a server from a java method in Jdeveloper (from local machine) using api which needs a certificate to be installed in the caller.
  I have installed the certificate in my machine by clicking the certficate file and clicking the Install Certificate option.
  But still the error is comming. Do I need to add the certificate somewhere in Jdeveloper? How?
  The error message is:-
  Establishing the LDAPConnection with the below env params =>
  {java.naming.provider.url=ldap://ldapu.xyz.gov.sg:636, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.ldap.version=3, java.naming.security.principal=uid=userx,ou=employee,o=xyz,c=sg, java.naming.security.authentication=simple, com.sun.jndi.ldap.connect.pool=true, java.naming.security.credentials=password, java.naming.security.protocol=ssl}
  Establishing the LDAPConnection with the below env params =>
  {java.naming.provider.url=ldap://ldapu.xyz.gov.sg:636, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.ldap.version=3, java.naming.security.principal=uid=dbc13,ou=employee,o=xyz,c=sg, java.naming.security.authentication=simple, com.sun.jndi.ldap.connect.pool=true, java.naming.security.credentials=password, java.naming.security.protocol=ssl}
  javax.naming.CommunicationException: simple bind failed: ldapu.xyz.gov.sg:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
  Establishing the LDAPConnection with the below env params =>
  {java.naming.provider.url=ldap://ldapu.xyz.gov.sg:636, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.ldap.version=3, java.naming.security.principal=uid=dbc13,ou=non-employee,o=xyz,c=sg, java.naming.security.authentication=simple, com.sun.jndi.ldap.connect.pool=true, java.naming.security.credentials=password, java.naming.security.protocol=ssl}
  Establishing the LDAPConnection with the below env params =>
  {java.naming.provider.url=ldap://ldapu.xyz.gov.sg:636, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.ldap.version=3, java.naming.security.principal=uid=dbc13,ou=non-employee,o=xyz,c=sg, java.naming.security.authentication=simple, com.sun.jndi.ldap.connect.pool=true, java.naming.security.credentials=password, java.naming.security.protocol=ssl}
  javax.naming.CommunicationException: simple bind failed: ldapu.xyz.gov.sg:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
  Creating ldapContext for user =>uid=dbc13,ou=employee,o=xyz,c=sg
  Establishing the LDAPConnection with the below env params =>
  {java.naming.provider.url=ldap://ldapu.xyz.gov.sg:636, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.ldap.version=3, java.naming.security.principal=uid=dbc13,ou=employee,o=xyz,c=sg, java.naming.security.authentication=simple, com.sun.jndi.ldap.connect.pool=true, java.naming.security.credentials=password, java.naming.security.protocol=ssl}
  Establishing the LDAPConnection with the below env params =>
  {java.naming.provider.url=ldap://ldapu.xyz.gov.sg:636, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.ldap.version=3, java.naming.security.principal=uid=dbc13,ou=employee,o=xyz,c=sg, java.naming.security.authentication=simple, com.sun.jndi.ldap.connect.pool=true, java.naming.security.credentials=password, java.naming.security.protocol=ssl}
  javax.naming.CommunicationException: simple bind failed: ldapu.xyz.gov.sg:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
  [Ljava.lang.StackTraceElement;@193385dsg.gov.xyz.ldap.base.LDAPException: Unable to connect to the server.[simple bind failed: ldapu.xyz.gov.sg:636]
  Thanks in advance
  Sam
  Edited by: Sam on Nov 16, 2010 9:50 PM

  Hi. To SSL comunication between the local machine and remote server with jndi, only need install or register the ca-certificate with keytool in the local machine. This instructions can help you:
  /oracle/oas/10.1.3.1/soa/jdk/bin/keytool -import -keystore /oracle/oas/10.1.3.1/soa/jdk/jre/lib/security/cacerts -trustcacerts -file /oracle/certificates/DcDg04Cert2.cer -alias alias_name -storepass store_pass
  Bye.