[Dspace-devel] R: Dspace and CAS problem (SSL)

Sat, 13 Oct 2012 00:09:22 -0700 

Probably you are using a selfsigned certificate. You need to trust the cas ssl 
certificate in the jvm that is used to run dspace (tomcat). Look to the keytool 
help to check the exact parameter.
The truststore is usually stored in a file named cacerts in the lib/security of 
your jre.
Hope this help,
Andrea


Inviato da Samsung Mobilerevskill <revskil...@gmail.com> ha scritto:Hi everyone.
I'm running Dspace behind Apache Proxy (listen in port 443) with servername
https://dspace
My CAS server is running as https://casserver
When i submit login form from CAS server, the client returned the error
below in log file:

*012-10-13 08:57:21,500 ERROR org.dspace.authenticate.CASAuthentication @
Unexpected exception caught
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)*

As i see, this is problem with Dspace when it must verify the server
certificate in order to process service ticket from CAS server.
Do you know how to fix this problem ?

Thank you very much.
-- 
TRUONG HOANG DUNG*
**Librarian Researcher
**Information and Library Centre
Mobile: 0121.411.5322
Email: dun...@hpu.edu.vn*
*Hai Phong Private University* <http://lib.hpu.vn>

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel

Reply via email to