java ssl连接AD域问题

环境：server 2003 jdk1.6 eclipse 测试java类。
需求：使用测试java类 连接AD域服务器 实现创建带密码用户 修改用户信息等。
在域服务器上面 安装了数字证书 步骤如下
http://ming228.blog.51cto.com/421298/104180/
代码如下：

1.public static LdapContext getContext() {   

2.        String keystore = "C:/Java/jre6/lib/security/cacerts";   

3.        System.out.println(keystore);   

4.        System.setProperty("javax.net.ssl.trustStore", keystore);   

5.        LdapContext ctx = null;   

6.        Hashtable env = new Hashtable();   

7.        env.put(Context.INITIAL_CONTEXT_FACTORY,   

8.                "com.sun.jndi.ldap.LdapCtxFactory");   

9.        env.put(Context.PROVIDER_URL, "ldap://ad1.zywycq.com:636");   

10.        env.put(Context.SECURITY_AUTHENTICATION, "simple");   

11.        env.put(Context.SECURITY_PRINCIPAL, "cn=administrator,cn=users,dc=ad1,dc=zywycq,dc=com");   

12.        env.put(Context.SECURITY_CREDENTIALS, "123456");   

13.        env.put(Context.SECURITY_PROTOCOL, "ssl");   

14.//      env.put(Context.REFERRAL, "follow");   

15.        try {   

16.            ctx = new InitialLdapContext(env, null);   

17.        } catch (NamingException e1) {   

18.            e1.printStackTrace();   

19.        }   

20.        return ctx;   

21.    }  

在运行之前使用ie访问域服务器 下载证书 使用 keytool -import -trustcacerts -alias zy_domain -file D:/certnew.cer -keystore "C:/Java/jre6/lib/security/cacerts" 导入到keystore中。
运行后报如下错误：

1.javax.naming.CommunicationException: simple bind failed: ad1.zywycq.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]   

2.    at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)   

3.    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)   

4.    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)   

5.    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)   

6.    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)   

7.    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)   

8.    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)   

9.    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)   

10.    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)   

11.    at javax.naming.InitialContext.init(Unknown Source)   

12.    at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)   

13.    at Test.getContext(Test.java:178)   

14.    at Test.addUser(Test.java:188)   

15.    at Test.main(Test.java:43)   

16.Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake   

17.    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)   

18.    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)   

19.    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)   

20.    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)   

21.    at java.io.BufferedOutputStream.flushBuffer(Unknown Source)   

22.    at java.io.BufferedOutputStream.flush(Unknown Source)   

23.    at com.sun.jndi.ldap.Connection.writeRequest(Unknown Source)   

24.    at com.sun.jndi.ldap.LdapClient.ldapBind(Unknown Source)   

25.    ... 14 more   

26.Caused by: java.io.EOFException: SSL peer shut down incorrectly   

27.    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)   

28.    ... 22 more   

29.Exception in thread "main" java.lang.NullPointerException   

30.    at Test.addUser(Test.java:221)   

31.    at Test.main(Test.java:43)  

困惑了很久 在网上也找了很多类似的错误 仍然没有解决。
请各位帮忙看下 比较急 谢谢。

ps：如果不使用ssl连接 端口改为389 则可以成功创建无密码用户。