Hi folks,
I am developing a Java application that needs to retrieve data from an
LDAP server on a secure connection. (I use a freshly downloaded JDK
1.4.2).
This server uses the TLS protocol to establish secure connections and it
has a server certificate produced by an internal CA.
When I try to access this server from my application, I receive an
exception because the server certificate is not validated; here is the
exception chain I get:
javax.naming.CommunicationException:
sun.security.validator.ValidatorException: No trusted certificate
found [Root exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: No trusted certificate
found
First option to solve the problem is inserting the cert. into my key
store.
Second option is disabling cert. validation and this is the approach I
would like to follow.
I looked for documentation on this subject and found only a good code
example that unfortunately deals with SSL connections (see
http://javaalmanac.com/egs/javax.net.ssl/TrustAll.html).
To establish a TLS connection I use as a base the Sun example
contained in the JDK API docs (please see
http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/ldap/StartTlsResponse.html).
I tried to get inspiration from the first example cited above, but I
was not able to find any method/property useful to disable
cert. validation in TLS.
I am also reading Java security and networking documentation, but it
is like looking "for a water drop in the ocean" (from an Italian
saying).
Are there any good Java ocean seamen who can give me some good
coordinates? ;-)
Thank you,
Marco
marco
11/6/2003 2:35:06 PM
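For reference, the first option from the post, scoped to the application instead of the JVM-wide key store (an added example, not part of the original post): an in-memory trust store holding only the internal CA certificate is passed to `StartTlsResponse.negotiate(SSLSocketFactory)`, so chain and host name validation stay on. The class name, the LDAP URL in `args[0]` and the CA certificate file path in `args[1]` are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class StartTlsWithInternalCa {
    // Socket factory that trusts only the CA certificate (PEM or DER) at caPath.
    static SSLSocketFactory factoryTrusting(String caPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream in = new FileInputStream(caPath);
        Certificate ca;
        try { ca = cf.generateCertificate(in); } finally { in.close(); }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                        // empty in-memory store
        ks.setCertificateEntry("internal-ca", ca);  // alias is arbitrary
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, tmf.getTrustManagers(), null);
        return sc.getSocketFactory();
    }

    // args[0]: LDAP URL (assumed, e.g. ldap://host:389); args[1]: CA cert file
    public static void main(String[] args) throws Exception {
        Hashtable env = new Hashtable();  // raw type also compiles on JDK 1.4.2
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls =
            (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        try {
            tls.negotiate(factoryTrusting(args[1]));   // fails if chain or host name is wrong
            System.out.println(ctx.getAttributes("")); // root DSE read over TLS
        } finally {
            tls.close();
            ctx.close();
        }
    }
}
```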