Unable to Connect to LDAPS After Updating to GlassFish Enterprise Server 2.1.1
(Doc ID 1178458.1)
Last updated on JULY 06, 2020
Applies to: Oracle GlassFish Server - Version 2.1 and later
Information in this document applies to any platform.
In GlassFish Enterprise Server 2.1 using an Enterprise profile, which uses NSS-based security, connecting over LDAPS to an SSL-secured Oracle Directory Server 11g (ODS) worked.
However, trying the same with GlassFish Enterprise Server 2.1.1, either by patching a working 2.1 installation or by performing a fresh install, fails: the instance is unable to connect to the ODS backend and throws the following error:
Connection to LDAPS/SSL fails with java.lang.RuntimeException: Could not parse key values
This problem can be encountered when GlassFish Enterprise Server 2.1.1 is used with products like OpenSSO or Identity Manager which make use of a secure SSL-enabled Directory Server backend.
To investigate the problem, set the Java system property "-Djavax.net.debug=ssl,handshake" and repeat the steps that trigger the SSL connection attempt. The following is then seen in the instance's log file:
This problem can be seen when:
- Updating from GlassFish 2.1 to GlassFish 2.1.1 and using the bundled Java Development Toolkit (JDK), or another JDK 6 installation.
- JDK 6 is used instead of JDK 5
  - In GlassFish 2.1.1, the default JDK is JDK 6, whereas GlassFish 2.1 is bundled with JDK 5
- NSS 3.12.3 or later is used
  - GlassFish 2.1.1 and later comes with NSS 3.12.x or later
- The backend SSL server (Directory Server/LDAPS or some other SSL server) has Elliptic Curve Cryptography (ECC) ciphers enabled and the current handshake uses ECC ciphers.
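To check the last condition against a captured debug trace, the following added example (not part of the original note or of any Oracle tooling) scans "-Djavax.net.debug=ssl,handshake" output for the cipher suite chosen in each ServerHello and flags ECC suites that are followed by the error. The sample log is constructed and its line layout is an assumption about the JSSE debug format; the function names are hypothetical.

```python
import re

# Constructed sample of "-Djavax.net.debug=ssl,handshake" output. It is not the
# log from the support note; the layout is assumed to match the JSSE debug trace.
SAMPLE_LOG = """\
*** ClientHello, TLSv1
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
***
*** ServerHello, TLSv1
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
java.lang.RuntimeException: Could not parse key values
*** ClientHello, TLSv1
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]
***
*** ServerHello, TLSv1
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
***
"""

HELLO = re.compile(r"\*\*\* (ClientHello|ServerHello)\b")
SUITE = re.compile(r"\bCipher Suite:\s*(\w+)")   # singular: the ServerHello choice
ECC = re.compile(r"^(?:TLS|SSL)_ECDHE?_")        # ECDH / ECDHE key exchange
ERROR = "Could not parse key values"


def triage(log_text):
    """One record per ServerHello: negotiated suite, whether it is an ECC
    suite, and whether the error follows before the next ClientHello."""
    records, current, in_server_hello = [], None, False
    for line in log_text.splitlines():
        hello = HELLO.search(line)
        suite = SUITE.search(line)
        if hello:
            in_server_hello = hello.group(1) == "ServerHello"
            if not in_server_hello:
                current = None               # a new handshake starts
        elif suite and in_server_hello:
            name = suite.group(1)
            current = {"suite": name, "ecc": bool(ECC.match(name)), "error": False}
            records.append(current)
            in_server_hello = False
        elif ERROR in line and current is not None:
            current["error"] = True
    return records


def ecc_failures(log_text):
    """Suites of handshakes that negotiated ECC and then hit the error."""
    return [r["suite"] for r in triage(log_text) if r["ecc"] and r["error"]]
```

Handshakes logged concurrently by several threads can interleave in the instance log, so treat the pairing of suite and error as a heuristic.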