Hey guys,
So I’m trying to set up OpenFire, and I got everything working if I hook into my LDAP provider unencrypted, but when I change the port from 389 to 636 and turn on LDAP SSL, I get the following error dump:
2011.12.27 04:19:50 org.jivesoftware.openfire.ldap.LdapAuthProvider - Error connecting to LDAP server
javax.naming.CommunicationException: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID [Root exception is javax.net.ssl.SSLException: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID]; remaining name ‘’
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2003)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1789)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java: 412)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirC ontext.java:394)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirC ontext.java:376)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:286)
at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:954)
at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:891)
at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.j ava:123)
at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:176)
at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:149)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:530)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1216)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1187)
at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:74)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1187)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:50)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1187)
at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:78)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1187)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:164)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1187)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:425)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:494)
at org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:182)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:93 3)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:362)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867 )
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandler Collection.java:245)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.jav a:126)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
at org.eclipse.jetty.server.Server.handle(Server.java:334)
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:559)
at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.j ava:1007)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:747)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:209)
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:406)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:4 62)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
at java.lang.Thread.run(Thread.java:722)
Caused by: javax.net.ssl.SSLException: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1869)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1827)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1810)
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1736)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:116)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:415)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
… 46 more
Caused by: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.jav a:323)
at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:6 87)
at sun.security.ssl.ECDHCrypt.(ECDHCrypt.java:76)
at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:629)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:215)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:999)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1295)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:685)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:111)
… 51 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_GenerateKeyPair(Native Method)
at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.jav a:314)
… 61 more
Does anyone have any suggestions as to what I can do to fix? I’m not sure if this is a bug or a dumb configuration issue, but if it’s the later, I really can’t figure it out. :-\
Thanks so much!