5.1 Enabling the AdminDemo.java Example

When running the AdminDemo.java example, a commonly returned error is:

   javax.naming.CommunicationException: simple bind failed: developer.mycompany.com.br:636. Root exception is javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate

During the handshake between the client and the server, the server sends a digital certificate so that the client can authenticate the server. The client attempts to authenticate the server by verifying that the certificate was issued by a Certificate Authority (CA) that the client trusts. The SSLHandshakeException is thrown if the server returns a certificate that was not issued by a CA with a corresponding trusted root certificate in the truststore that Java Secure Socket Extension (JSSE) is using.

By default, JSSE uses the cacerts file as its truststore. This file is provided in each Java Runtime Environment (JRE). To see which trusted root certificates are in the cacerts truststore, run keytool (provided with each JRE) with the -list option on the cacerts file, which is located in the <javahome>\lib\security folder (on Windows at least). This lists all the trusted root certificates in the cacerts truststore.

You can prevent the javax.naming.CommunicationException by obtaining the trusted root certificate for the server’s certificate and importing it into the truststore that JSSE is using. By default, this is the cacerts file. You import certificates into a truststore by running keytool.exe with the -import command.

NOTE: Before you can perform any operation on a keystore (except the list operation), you must provide the password. The password for the keystore file is “changeit”. After importing the certificate, make sure to restart the JSSE. The easiest way to do this is by restarting the JVM.

This should fix the JSSE issues unless you have Mutual Authentication enabled on the server. When this is enabled, the server must be able to authenticate the client. The client’s certificate must be in the keystore that the JSSE is using or else the handshake will fail.
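
The trust decision described above can be reproduced offline, before and after importing a root certificate, with the following added example (not part of AdminDemo.java or the original documentation). The class name TrustCheck, its command-line arguments and the ECDHE_RSA key-exchange type are assumptions; with no arguments it only lists the certificates in the JRE's cacerts file.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper. Usage: java TrustCheck [server-chain.pem] [truststore] [password]
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JRE's cacerts file and the password named on this page.
        String store = args.length > 1 ? args[1]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(store)) { ts.load(in, pass); }
        // Like "keytool -list": print the subject of each certificate in the store.
        for (String alias : Collections.list(ts.aliases())) {
            if (ts.getCertificate(alias) instanceof X509Certificate) {
                System.out.println(alias + ": " + ((X509Certificate) ts.getCertificate(alias))
                        .getSubjectX500Principal().getName());
            }
        }
        if (args.length == 0) return;
        // Load the chain the server presents (leaf first), exported to a PEM or DER file.
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[0])) {
            chain = CertificateFactory.getInstance("X.509").generateCertificates(in)
                    .toArray(new X509Certificate[0]);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                // authType is the key-exchange algorithm; ECDHE_RSA is an assumption.
                ((X509TrustManager) tm).checkServerTrusted(chain, "ECDHE_RSA");
                System.out.println("TRUSTED by " + store);
            } catch (CertificateException e) {
                System.out.println("NOT TRUSTED by " + store + ": " + e.getMessage());
            }
        }
    }
}
```

This validates the certificate chain only; it does not check that the certificate matches the server's host name.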