SSL Init failed: Keystore was tampered with, or password was incorrect

Hi all,
I encountered the following error while I try to get the output stream to write out the content into an HTTPS connection.
java.net.SocketException: Default SSL context init failed: Keystore was tampered with, or password was incorrect
     at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
Below is my code to achieve the sending of the content to the HTTPS connection.
public void sendMessage(Properties headers, byte[] content) throws Exception
{
    try
    {
      addRequestHeaders(headers);
      _conn.setRequestMethod("POST");
      _conn.setDoInput(true);
      _conn.setDoOutput(true);
      OutputStream os = _conn.getOutputStream(); // this line leads to the exception
      os.write(content);
      _respCode = _conn.getResponseCode();
      _respMsg = _conn.getResponseMessage();
    }
    catch (IOException ex)
    {
      throw ex;
    }
}
Because the server is deployed in a clustered env, I have put the truststore and keystore in a shared folder which the nodes can access. Thus in my code I have set the truststore and keystore locations and passwords in the System properties as follows.
      System.setProperty("javax.net.ssl.keyStore", getKeyStore());
      System.setProperty("javax.net.ssl.keyStorePassword", getKeyStorePass());
      System.setProperty("javax.net.ssl.trustStore", getTrustStore());
      System.setProperty("javax.net.ssl.trustStorePassword", getTrustStore()); // as posted: the truststore path is passed as the password
getKeyStore() and getTrustStore() return the path to the shared folder which contains the truststore/keystore respectively.
The keystore tampered error only happened intermittently. I am sure that my keystore and truststore passwords are set correctly.
Could I know whether the keystore is designed in a way that it can be accessed by multiple threads? Will there be any file locking on the keystore while two threads are trying to init HTTPS, eventually causing the keystore tampered problem?
Thanks

In my case, I am certain that all fields are correct, because the code works half the time. The thing is my code is running inside Tomcat (as a servlet); I am noticing that whenever I update my Jar with any code change and restart Tomcat, I am hitting this issue intermittently. Another update-and-restart sometimes solves the problem & my connection establishment is successful.
There are 2 key things I would like to know:
1) Difference b/w the exception messages "Keystore was tampered with, or password was incorrect" and "failed to decrypt safe contents entry".
2) Whether any caching is going on because of Tomcat being in the picture (although I am not at all sure why this should happen).
Would love to get through with this ASAP. Please let me know your thoughts if any.
Thanks,
Vivek
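
An added example (not code from either poster) that goes beyond the two posts by separating the failure modes behind this message: it loads a JKS keystore once without a password (structure only) and once with it (integrity check), showing that a wrong password, including a file path passed as the password, and a modified file fail the same check. The class, enum and method names, the sample password and the sample paths are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;

// Hypothetical diagnostic helper; not part of the JDK or of the posters' code.
public class KeystoreDiagnosis {

    enum Result { OK, MISSING_OR_UNREADABLE, UNPARSEABLE, INTEGRITY_CHECK_FAILED }

    /** Classify a keystore file on disk, e.g. one placed on a shared folder. */
    static Result diagnoseFile(Path file, char[] password)
            throws IOException, GeneralSecurityException {
        if (!Files.isRegularFile(file) || !Files.isReadable(file)) {
            return Result.MISSING_OR_UNREADABLE;
        }
        // Read once into memory so both passes below see the same bytes.
        return diagnose(Files.readAllBytes(file), password);
    }

    /** Classify keystore bytes, assuming the store is of type JKS. */
    static Result diagnose(byte[] data, char[] password) throws GeneralSecurityException {
        // Pass 1: with a null password KeyStore.load performs no integrity
        // check, so a failure here means the bytes cannot be parsed at all.
        try {
            KeyStore.getInstance("JKS").load(new ByteArrayInputStream(data), null);
        } catch (IOException e) {
            return Result.UNPARSEABLE;
        }
        // Pass 2: with a password the loader verifies the store's integrity.
        // A wrong password is reported as an IOException whose cause is an
        // UnrecoverableKeyException; a modified file fails the same check.
        try {
            KeyStore.getInstance("JKS").load(new ByteArrayInputStream(data), password);
            return Result.OK;
        } catch (IOException e) {
            return (e.getCause() instanceof UnrecoverableKeyException)
                    ? Result.INTEGRITY_CHECK_FAILED
                    : Result.UNPARSEABLE;
        }
    }

    public static void main(String[] args) throws Exception {
        char[] good = "changeit".toCharArray();                    // constructed sample password
        char[] pathAsPassword = "/shared/ssl/truststore.jks".toCharArray(); // constructed path

        // Build an empty JKS store in memory so the example runs offline.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, good);
        byte[] intact = out.toByteArray();

        // Constructed damage: flip one bit in the trailing integrity digest.
        byte[] modified = intact.clone();
        modified[modified.length - 1] ^= 0x01;

        // Constructed damage: cut the file inside its header, as a partially
        // copied file would be.
        byte[] truncated = Arrays.copyOf(intact, 8);

        System.out.println("intact, right password : " + diagnose(intact, good));
        System.out.println("intact, path as passwd : " + diagnose(intact, pathAsPassword));
        System.out.println("modified, right passwd : " + diagnose(modified, good));
        System.out.println("truncated              : " + diagnose(truncated, good));
        System.out.println("missing file           : "
                + diagnoseFile(Paths.get("no-such-keystore.jks"), good));
    }
}
```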

Similar Messages

  • Keystore was tampered with, or password was incorrect

    Hi Experts:
    I am using Apache 1.3.26, JBoss 3.0.0 (embedded with Catalina) on IBM Unix.
    When I start my JBoss Server, I get the following message and wonder why:
    2003-03-17 15:13:11,915 INFO [STDOUT] at java.lang.Thread.run(Thread.java:566)
    2003-03-17 15:13:11,917 ERROR [org.jboss.web.catalina.EmbeddedCatalinaServiceSX] Starting failed
    LifecycleException: null.open: java.io.IOException: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.apache.catalina.connector.http.HttpConnector.initialize(HttpConnector.java:1130)
    at org.apache.catalina.startup.Embedded.start(Embedded.java:962)
    2003-03-17 15:13:11,928 ERROR [org.jboss.deployment.SARDeployer] start operation failed on package file:/jboss-3.0.0_tomcat-4.0.3/server/default/deploy/$
    LifecycleException: null.open: java.io.IOException: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.apache.catalina.connector.http.HttpConnector.initialize(HttpConnector.java:1130)
    at org.apache.catalina.startup.Embedded.start(Embedded.java:962)
    at org.jboss.web.catalina.EmbeddedCatalinaServiceSX.startService(EmbeddedCatalinaServiceSX.java:189)
    at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:162)
    2003-03-17 15:13:11,934 ERROR [org.jboss.deployment.MainDeployer] could not start deployment: file:/jboss-3.0.0_tomcat-4.0.3/server/default/deploy/tomca$
    org.jboss.deployment.DeploymentException: null.open; - nested throwable: (LifecycleException: null.open: java.io.IOException: java.io.IOException: Keystore was tampered with, or password was incorrect
    Caused by: LifecycleException: null.open: java.io.IOException: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.apache.catalina.connector.http.HttpConnector.initialize(HttpConnector.java:1130)
    at org.apache.catalina.startup.Embedded.start(Embedded.java:962)
    It seems that the major issue is "KEYSTORE WAS TAMPERED or PASSWORD was INCORRECT" - I have no idea what this means.
    Can anyone throw light on this please?
    THANKS!

    my first guess is that you forgot to add the Factory entry within the CoyoteSSL connector that specifies where the key file is found as well as the password. can you verify that?

  • PatchManger-2.1 error: "keystore was tampered with"

    On solaris9-x86 with PatchManager 2.0 installed, installing cluster patch from 09/30/2005 appears to have clobbered something related to PatchManager as attempts to perform an Update Patch List (from the web interface) fails with the following message:
    An unexpected error occured in the management provider. The error was com.sun.patchpro.util.CannotConnectException: Cannot connect to retrieve patchdb: Default SSL context init failed: Keystore was tampered with, or password was incorrect.
    After the cluster patch installation, PM is now 2.1

    I've solved the problem after finding this thread
    http://forum.java.sun.com/thread.jspa?forumID=136&threadID=488368
    It seems to be a bug in the jdk
    (if you change the keystore password you get that error)
    and the work around is explained in
    the previous thread
    I've solved my own problem regenerating the domain
    bye

  • Mountain lion copy was tampered with or corrupted

    Taking all day to install ML on my Early 2011 MBP.
    Here are my specs:  120 GB Cherryville Intel SSD + 500 GB WD Scorpio Blue in the optical bay.
    Wanted to do a fresh install of ML over Lion but that didn't go well.  After formatting my SSD and trying to install from 8 GB Flash Drive (mounted and formatted to InstallESD.dmg) it said "Could not download all needed packages" or something like that.  Tried 6 times.  Luckily I had my original HDD still with all my old stuff on it.  I booted from that and downloaded Lion again.  After installing Lion, now it says "ML copy was tampered with or corrupted, delete this copy and download from App Store".  I have done this like 6 times and still getting the same error message!  Yes, I have fixed disk permissions and verified the disk, cleaned the cache and still won't go. 
    Any help would be appreciated.

    I encountered the same error "…can't be verified…" error on my 2010 MBP too. Tried six times and finally I could get it installed. Here's what I did:
    Went to "Users & Groups" in System Preferences, checked that the Apple ID specified for the current user is the same Apple ID I used in the download purchase of ML from the App Store.
    Rebooted in Safe Mode.
    Went to Disk Utility -> Repair Disk Permissions
    Downloaded ML at midnight (and the download was significantly faster!)
    Rebooted in Normal Mode.
    Ran the ML Installer.

  • I have my iPhone 4s backed up on my mac but it seems it was encrypted with a password which i do not remember is there any other option to retrieve to the backup without restoring the device as a new one. Also I do not have access to a windows system.

    I have my iPhone 4s backed up on my mac but it seems it was encrypted with a password which i do not remember is there any other option to retrieve to the backup without restoring the device as a new one. Also I do not have access to a windows system.

    Sorry no, if you don't know the encrypted password, then you can't use that backup.

  • SSL - Default SSL context init failed: null - need help with code

    Hi!
    Once Again I have problems with SSL.
    I read something about SSL here:
    http://www.javaalmanac.com/egs/javax.net.ssl/Server.html
    Now I tried to test this stuff, that resulted in this program (I simply tried to put the SSL stuff from the above code in a small skeleton):
    import java.io.*;
    import java.net.*;
    import java.security.*;
    import javax.net.ssl.*;
    import javax.net.*;
    public class MyServer
    {
         public static void main(String arguments[])
         {
              try
              {
                   int port = 443;
                   ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
                   ServerSocket ssocket = ssocketFactory.createServerSocket(port);
                   // Listen for connections
                   Socket socket = ssocket.accept();
                   System.out.println("Connected successfully");
                   // Create streams to securely send and receive data to the client
                   InputStream in = socket.getInputStream();
                   OutputStream out = socket.getOutputStream();
                   // Read from in and write to out...
                   // Close the socket
                   in.close();
                   out.close();
              }
              catch(IOException e)
              {
                   System.out.println("GetMessage() = "+e.getMessage());
                   e.printStackTrace();
              }
         }
    }
    Now I compiled this stuff with : 'javac MyServer.java' - there were no errors. After this I run the program
    with the following command (also taken from java almanac):
    'java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 MyServer'
    But if I run it, it reports:
    "GetMessage() = Default SSL context init failed: null
    java.net.SocketException: Default SSL context init failed: null
    at javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(Dasho
    6275)
    at MyServer.main(MyServer.java:15)"
    createServerSocket() seems to be the wrong line, but what is wrong with it.
    Is there any mistake in my code ?
    Btw. I created my keystore etc. according to the instructions at
    http://forum.java.sun.com/thread.jsp?forum=2&thread=528092&tstart=0&trange=15
    Any help appreciated
    Greets
    dancing_coder

    I got this error last week.
    The problem was that the keystore I was pointing to, was in other location, so it could not initialize the default context.
    I had defined ...
    String CLIENT_CERTIFPATH = getParam("client.certificate.path", "/users/pridas/myKeystoreFile");
    // getParam extracts the location of the keystore from a text file which contains some configuration parameters. The default value will be /users/pridas/myKeystoreFile
    In my case, I will try to develop a secure SOAP connection using certificates.
    Before trying the connection, I defined ...
    System.setProperty("javax.net.ssl.trustStore", CLIENT_CERTIFPATH);
    System.setProperty("javax.net.ssl.keyStore", CLIENT_CERTIFPATH);
    ... and the problem when I got this error ... the keystore file was not in the correct location.
    That was how I resolved this error.
    I hope everybody will be oriented about this kind of errors.
    Salu2.

  • Bought new, discovered it was tampered with or refurbished, now at a loss with horrible customer service and dead phone

    I'm wondering where to go after 2 weeks playing CS phone tag, started with a tech call regarding iPhone 5, battery issue, tech ran test, batt is consumed, went thru warranty talk then to Apple, as to our surprise once the serial number was run, I purchased a brand new refurbished and battery previously swapped out phone thru our corporate Ver store, warranty is invalid and new batt was 80$, Apple tech was shocked... I let that settle for a few days, and began the worst ordeal and crap show of customer service since, I've made numerous calls, 1st being with Christopher, who claimed he talked with his supervisor and I was patient, talked about that they wouldn't swap battery, but replace phone with a refurb phone, contract is up 2/03/2015, explained it would be less hassle and given the time frame to renew contract and do the upgrade now, pay the upgrade cost and whatever, we are good customers, never file claims, or issues with contracts, seems simple, I've now talked to approx 5 supervisors from ID, KY, AL and who have alllllll confirmed they have taken notes, processed requests and will call back in such time, as of 4pm Dec 7th I am nowhere fast, contract can not be upgraded, one supervisor claimed they were no longer making the iPhone 5? And would allow for an upgrade once she talked to tech service, however a magical cold transfer and 40 more minutes of retelling this insane story, he was then going to call back on a dif number so the issue ph could be used, never got the call, however Matt in ID WHO claimed such sympathy for all the hassle then texted me saying he couldn't get thru on my number, however could text, and by a tech texting myself, such poor grammar and then stating we could only have the 5 and 6+'s are on back order.
    Beyond fed up and stressed, almost 6 hours on the phone and 10 days of hassle, yet we still have a phone that dies at 70% ....I've never seen such a lack of responsibility or communication, seems supervisors are really good at making statements to appease each situation without any documentation. Can't bring myself to call again and go thru the issue over and over again, meanwhile getting same responses (excuses) from every area I've spoken to. Guess now when I purchase Verizon items I call good Ol Apple and run the serial numbers to make sure the fancy kindalooksnewplastic isn't the 2nd re wrap and buy a phone that's been tampered with and makes your monthly insurance and warranties invalid. Money well spent kudos CS ...and no I'm not hunting down anyone via Twitter, I'm sure there's notes on our account that this crazy person is out of patience and trying to see what other cell company we could change to. Merry Christmas

    To clarify, we haven't serviced nor replaced the consumed battery. It has been noted as per Apple running the serial number that PRIOR to my purchasing the device, it had the battery replaced. Undocumented in detail, but showed up in Apple reports as replaced. Therefore creates a much wider issue than consumed battery issue, now we have the fact that 1. I paid for a new iPhone 5 16g with a renewed 2 yr contract, pay monthly for insurance on the device, however being that it has been worked on, that voided the 1 yr warranty and possibly the extended insurance program warranty as well, my corporate store can't handle this issue, given the extent of details, I stopped there today, to double check my receipt for original purchase to see if there was a CPO listed on my receipt, that is when they informed me they didn't actually sell them there, nor if I did I wouldn't have paid full contract price either. More details, more time wasted on Verizon, knowing you all won't read the "fine" print.

  • Purchased premiere/photoshop elements box was tampered with

    I just opened my "new" box from Amazon only to find the top was ripped right where you could see the serial numbers. FML
    is there a way to check and see if the serial numbers work? I plan on installing it on two computers, but one at a later date this year. It makes me feel a little sick thinking someone else already has seen them. Sloppy seconds.

    granpann
    I would advise you to contact Amazon immediately either to ask for return/complete refund or replacement with no charge for the resending.
    Do not waste any time in doing that. Include a picture of the damage with your return to Amazon if any question.
    ATR

  • My 09 Mac mini was hacked and a password was placed making it so I can't boot to start mgr, a disk, safe mode only to login assuming I have good hard drive

    09 Mac mini was hacked during download / just b4 lion install and now after thinking all good its cleaned up, well was redoing my hdd and found it boots normally no matter what keys I press, or removing ram, etc.  I no longer can boot to n e thing but grey screen with apple and it changes like its going to boot though files aren't on hdd.  how can I remove boot sect password and gain control again.  I also removed airport card and Ethernet and still they are in my computer messing with me before I attempted to wipe drive.  also loaded brand new intego complete protection for $80 didn't do n e thing and never even loaded lion cause corruption so $30 for that.....help

    After removing RAM, did you do 3 PRAM Resets in a row with a wired Keyboard?

  • Logon fail get message like "Name or password is incorrect(repeat logon)."

    I need to use BAPI in my webdynpro application.So I am creating Model for this purpose.
    On first screen which is
    Screen 1)
    "Select"
    choose the model type you want to create-------
    (.)Import Adaptive Model
    Screen 2)
    "Import Adaptive RFC Model"
    I have given model name and namespace.
    Screen 3)
    "SAP Logon Information Screen"
    Single Server------
    Host Name:xyz
    System Number:00
    User Acount-------
    Client:000
    Logon Name:pqr
    Password:xxxxxx
    Language:EN
    But when i give this information and click on next it gives me error
    Name or password is incorrect(repeat logon).
    I check user name and pwd by logging SAP GUI and it is correct.
    Can any one please let me know how do I proceed to solve this problem ?
    Or is there any way to configure server credential in web dynpro ?
    Thanks
    Sunil Pawar

    Hi,
    these pdfs may help you,
    https://www.sdn.sap.com/irj/sdn/nw-wdjava?rid=/library/uuid/a00f7103-6790-2a10-ac9c-fcac7c5b18a3
    Accessing ABAP Functions in Web Dynpro
    /docs/DOC-8061#15
    Regards,
    ramesh

  • Kerberos - tampering with ticket cache

    Hello,
    sorry if this is already posted here, I couldn't find it.
    I'm using the Kerberos ver.5 Login Module in JAAS to authenticate users (Java version is 1.4.2). I'm also using SSO mechanisms of Kerberos, so with kinit I make a ticket for myself into the ticket cache and I'm using it without re-contacting the KDC nor requiring password again.
    But I just find out, that when I take a HexEditor, and edit the ticket cache, I could easily change my name in that ticket (eg. to "admin" or other). After this the JAAS Login Module does not recognize the change, and yells "admin" successfully logged in. Now letting anybody work with admin privileges is not what I dreamed about! This is not the bug that I can live with!
    Is there any method to recognize that the Ticket Cache was tampered with? Or any other suggestions?
    Thanks in advance

    Hi
    Yes, I would like to know how to use kinit programmatically too! The whole mechanism doesn't really make sense to me - I would have thought the Krb5LoginModule, if configured with useTicketCache=true, would call kinit itself if it found an empty/expired ticket in the cache, and then used that cache for subsequent operations. Is the version of kinit that comes with the JDK written in Java? Where's the source code?? In single sign on, surely we want to update the cache quite often e.g. at the start of each day. The only way I can see of doing this is by getting the user to do this manually (urghhh), or calling the kinit.exe program from Java, which doesn't sound too great either. I wonder if this is what most people do.....
    I did get out my hex editor and edit the cache as it happens - and it did indeed throw an exception (see below). Interestingly it seems to have got past the login stage, but as expected when the GSS communication begins, the handshaking between client and server fails. Here's the full stack trace I got:
    PS I'd be interested in your thoughts on the use of kinit....
    Connected to server localhost/127.0.0.1
    KrbException: Identifier doesn't match expected value (906)
    at sun.security.krb5.internal.af.a(Unknown Source)
    at sun.security.krb5.internal.ae.a(Unknown Source)
    at sun.security.krb5.internal.ae.<init>(Unknown Source)
    at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
    at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
    at sun.security.krb5.internal.az.a(Unknown Source)
    at sun.security.krb5.internal.az.a(Unknown Source)
    at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
    at SampleClient.main(SampleClient.java:144)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at MyAction.run(Login.java:212)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
    at Login.main(Login.java:177)
    KrbException: Integrity check on decrypted field failed (31) - PROCESS_TGS
    at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
    at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
    at sun.security.krb5.internal.az.a(Unknown Source)
    at sun.security.krb5.internal.az.a(Unknown Source)
    at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
    at SampleClient.main(SampleClient.java:144)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at MyAction.run(Login.java:212)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
    at Login.main(Login.java:177)
    Caused by: KrbException: Identifier doesn't match expected value (906)
    at sun.security.krb5.internal.af.a(Unknown Source)
    at sun.security.krb5.internal.ae.a(Unknown Source)
    at sun.security.krb5.internal.ae.<init>(Unknown Source)
    ... 17 more
    java.security.PrivilegedActionException: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
    at Login.main(Login.java:177)
    Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
    at MyAction.run(Login.java:214)
    ... 3 more
    Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at MyAction.run(Login.java:212)
    ... 3 more
    Caused by: GSSException: No valid credentials provided (Mechanism level: Integrity check on decrypted field failed (31) - PROCESS_TGS)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
    at SampleClient.main(SampleClient.java:144)
    ... 8 more

  • ATT says my 3G MicroCell has been tampered with!!

    I have had this unit for 3 months.  It worked for the first two months and then stopped working.  I called ATT to troubleshoot or replace unit and they said it was tampered with and that there was nothing they could do.   MY UNIT IS BRAND NEW. AND NEVER USED OTHER THAN PLUGGING IT IN AND UNPLUGGING IT.   I read that 6 pins come flying out to set this tamper alarm off.  My unit is in perfect condition.   If ATT thinks they can use this as an excuse to not return a device I am literally appalled.  I have been a customer for over 10 years.   David

    Yeah something is not quite right. By brand new, did you buy it directly from AT&T or did you purchase it "new" off of eBay?
    The anti-tamper clips are inside and set in such a way so that if the unit is opened, it is very difficult to reseat them which renders the unit useless. The clips (at least on the white models) can come loose if the unit is dropped on the floor or knocked over (the cat knocked it over for example).
    So.....
    New from AT&T? IF so, which model (white or black)
    Does it rattle if you shake it gently?
    How did it stop working? (what is the problem).
    I believe the warranty on brand new, purchased from AT&T is one year so you would certainly qualify for a warranty replacement if it is a defective unit.

  • IPod has been mucking up with the password... ?

    I'm from Sydney, Australia, and at the moment I am in Victoria for a week. I was playing with my password and my brother locked it (It was disabled for 1 min, 1 min, 3 min, 10 min, 60 min, 60 min, 60 min) and now it's locked! And seeing as though it's not my computer, and won't find the device it says I have to unlock it via the iPod, but seeing though it's locked, I can't... If anyone could help me tonight, it would be greatly appreciated
    cheers

    Have a look at this article: "iPhone and iPod touch: Wrong passcode results in red disabled screen" http://support.apple.com/kb/HT1212

  • Problem in running j2ee programs with SSL: SSL context init failed : cannot

    Hi,
    I am just trying to run some servlet program that creates some SSL socket to communicate with a server. I have configured my java.security file but when I run my program I get this error
    SSL context init failed : cannot recover key.i am using SunJSSE provider
    Plz help me and i am confused as in how to enable jsse in my sun java system app server platform edition.
    Waiting for ur replies!
    Thanks,
    Akshatha

    I got this error last week.
    The problem was that the keystore I was pointing to, was in other location, so it could not initialize the default context.
    I had defined ...
    String CLIENT_CERTIFPATH = getParam("client.certificate.path", "/users/pridas/myKeystoreFile");
    // getParam extracts the location of the keystore from a text file which contains some configuration parameters. The default value will be /users/pridas/myKeystoreFile
    In my case, I will try to develop a secure SOAP connection using certificates.
    Before trying the connection, I defined ...
    System.setProperty("javax.net.ssl.trustStore", CLIENT_CERTIFPATH);
    System.setProperty("javax.net.ssl.keyStore", CLIENT_CERTIFPATH);
    ... and the problem when I got this error ... the keystore file was not in the correct location.
    That was how I resolved this error.
    I hope everybody will be oriented about this kind of errors.
    Salu2.

  • Default SSL context init failed: Invalid keystore format

    Hi, I can't connect to my ldap server. The problem is ssl. I'm trying to do this:
    import java.io.IOException;
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.ldap.LdapContext;
    public class TestAuthentifikation {
        public static void main (String [] args) throws IOException  {
               try {
                    Hashtable env = new Hashtable();
                    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                    env.put(Context.PROVIDER_URL, "ldaps://subdomain.dyndns.org:636/");
                    env.put(Context.SECURITY_PRINCIPAL, "uid=user,ou=users,dc=subdomain,dc=dyndns,dc=org");
                    env.put(Context.SECURITY_CREDENTIALS, "passwd");
                    env.put(Context.SECURITY_AUTHENTICATION, "simple");
                    env.put(Context.SECURITY_PROTOCOL, "ssl");
                    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                    System.setProperty("javax.net.ssl.keyStore",  "/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                    System.setProperty("javax.net.ssl.trustStore","/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                    env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
                    DirContext ctx = new InitialDirContext(env);
                    //use ctx....
                    // Close the context when we're done
                    ctx.close();
               } catch(NamingException ne) {
                    System.err.println(ne);
                    ne.printStackTrace();
               }
        }
    }
    The exception is this:
    javax.naming.CommunicationException: subdomain.dyndns.org:636 [Root exception is java.net.SocketException: Default SSL context init failed: Invalid keystore format]
            at com.sun.jndi.ldap.Connection.<init>(Connection.java:194)
            at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
            at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2599)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
    On the server I have created this ldap_crt.pem file:
    openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout ldap_key.pem -keyform PEM -out ldap_crt.pem -outform PEM
    which sits on the client's /etc/ssl/certs directory. Like this I can connect with a ldap browser to the server.
    I should do something like this:
    keytool -import -alias AUTH_CA -file rootcert.crt -keystore /usr/lib/j2se/1.4/jre/lib/security/cacerts
    How do I get this rootcert.crt file?
    I did this and changed the keystore from cacerts to mycacerts in the java class file:
    sudo keytool -import -alias AUTH_CA -file /etc/ssl/certs/ldap_crt.pem -keystore /usr/lib/j2se/1.4/jre/lib/security/mycacerts
    Then I get this:
    javax.naming.CommunicationException: simple bind failed: subdomain.dyndns.org:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: *No trusted certificate found*]
            at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    Edited by: borobudur on May 18, 2008 7:09 AM

    Just a permission problem! Take care that your process can write on the keystore/truststore.
