Sirs, I was able to create a certificate by the windows server with a
"real" certificate for the "scna-cas.pfx" served, I saw that I can only
change the format for p12.
Now can I give it the nickname of tomcat and add it to the keystore, so
tomcat / cas can use it?
Is this problem not linked to the "thekeystore" configured in
application.properties?
Attached the cas.log with the complete error.
Em segunda-feira, 5 de fevereiro de 2018 18:16:44 UTC-2, David Curry
escreveu:
>
>
> > Can you identify with this passage what the problem with the
> certificate really is ?
>
> I'm GUESSING here, but "unable to find valid certification path to
> requested target" suggests to me that the server cannot find one or more of
> the certificates in the chain between the certificate authority and your
> certificate.
>
> If you're using a self-signed certificate, that probably means it can't
> find the certificate itself. (If you were using a "real" certificate from a
> certificate authority, it would probably mean that you haven't loaded one
> or more of the CA's intermediate certificates.)
>
> Did you give the certificate the "tomcat" alias when you installed it in
> your keystore?
>
> You might want to check the directions here:
>
> https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Configuration
>
>
> (Skip over the first blue box that shows an openssl command, and start
> reading at the paragrap beginning "To create a new JKS keystore from
> scratch...")
>
> --Dave
>
>
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • [email protected] <javascript:>
>
> [image: The New School]
>
> On Mon, Feb 5, 2018 at 2:28 PM, Carlos Eduardo Santos <
> [email protected] <javascript:>> wrote:
>
>> I did the procedure that indicated but I still receive the "500: Internal
>> Server Error" I will try now with the Let's Encrypt certificate to see if
>> it works.
>>
>> 2018-02-05 17:02:15,397 ERROR [org.jasig.cas.client.util.CommonUtils] -
>> <sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target>
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
>> valid certification path to requested target
>> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>> ~[?:1.8.0_161]
>> at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
>> ~[?:1.8.0_161]
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
>> ~[?:1.8.0_161]
>> at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
>> ~[?:1.8.0_161]
>> ...
>>
>> Can you identify with this passage what the problem with the certificate
>> really is ?
>>
>> thanks again !! :(
>>
>>
>> Em sexta-feira, 2 de fevereiro de 2018 17:55:14 UTC-2, David Curry
>> escreveu:
>>
>>>
>>> That's not a CAS-specific problem; it looks like something is wrong with
>>> your TLS/SSL certificate or your keystore.
>>>
>>> Does your server certificate have "scna-cas.cna.org.br" as its host
>>> name (CN)?
>>>
>>> Did you include any/all intermediate/root certificates in the cetificate
>>> you imported into the keystore?
>>>
>>> Did you name the certificate "tomcat" in the keystore?
>>>
>>> Did you configure Tomcat's HTTPS connector to use the keystore that
>>> contains your certificate?
>>>
>>>
>>> This is all covered here:
>>> https://dacurry-tns.github.io/deploying-apereo-cas/setup_tomcat_configure-tlsssl-settings.html
>>>
>>> Note that those instructions assume you're going to use a "real"
>>> certificate signed by a certificate authority, not a self-signed
>>> certificate. You can use self-signed certificates if you really want to,
>>> but if you do, you can skip all the steps in the first two sections of the
>>> link above ("Generate a private key..." and "Import the certificate...")
>>> and just do something like this instead:
>>>
>>> # *cd /opt/tomcat*
>>> # *keytool -genkey -alias tomcat -keyalg RSA -validity 365 –keystore
>>> keystore.jks*
>>> Enter keystore password: *changeit*
>>> Re-enter new password: *changeit*
>>> What is your first and last name?
>>> [Unknown]: *scna-cas.cna.org.br <http://scna-cas.cna.org.br>*
>>> *(enter the fully qualified domain name of your server
>>> here)*
>>> What is the name of your organizational unit?
>>> [Unknown]: *Test*
>>> What is the name of your organization?
>>> [Unknown]: *Test*
>>> What is the name of your City or Locality?
>>> [Unknown]: *Test*
>>> What is the name of your State or Province?
>>> [Unknown]: *Test*
>>> What is the two-letter country code for this unit?
>>> [Unknown]: *Test*
>>> Is CN=scna-cas.cna.org.br, OU=Test, O=Test, L=Test, ST=Test, C=Test
>>> correct?
>>> [no]: *yes*
>>>
>>> Enter key password for <tomcat>
>>> (RETURN if same as keystore password): *(press RETURN)*
>>> #
>>>
>>>
>>> Then continue with the "Configure Tomcat server settings" section of the
>>> page linked above.
>>>
>>> If you can't or don't want to purchase a "real" certificate from a
>>> certificate authority, you might also consider using a certificate from
>>> Let's Encrypt, which is free (but must be renewed every 90 days). This will
>>> behave more like a "real" certificate and avoid many of the annoyances that
>>> you'll experience with self-signed certificates. Google "lets encrypt
>>> tomcat 8" for guidance on how to do that.
>>>
>>>
>>> --Dave
>>>
>>>
>>> --
>>>
>>> DAVID A. CURRY, CISSP
>>> *DIRECTOR OF INFORMATION SECURITY*
>>> INFORMATION TECHNOLOGY
>>>
>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
>>> +1 212 229-5300 x4728 • [email protected]
>>>
>>> [image: The New School]
>>>
>>> On Fri, Feb 2, 2018 at 2:20 PM, Carlos Eduardo Santos <
>>> [email protected]> wrote:
>>>
>>>> I followed the document leaving only the stage of loadbalance, but it
>>>> seems to leave some more things behind.
>>>> now access the page, but look at the error that is presenting on both
>>>> pages.
>>>>
>>>>
>>>> <https://lh3.googleusercontent.com/-nvLZpItYYVE/WnS4cia0GrI/AAAAAAAAYeI/zJvDCms5zQkcmD8H1CEbaf23QJTPWUm7QCLcBGAs/s1600/error%2Bdashboard.jpg>
>>>>
>>>>
>>>> <https://lh3.googleusercontent.com/-saw5lPlffik/WnS4xMasJ5I/AAAAAAAAYeM/F1_fjv23bQkaSTnVOujPOyaZ8Ft00IClwCLcBGAs/s1600/error%2Bcas-management.jpg>
>>>>
>>>>
>>>> Em sexta-feira, 2 de fevereiro de 2018 16:38:35 UTC-2, David Curry
>>>> escreveu:
>>>>
>>>>> Hi Carlos,
>>>>>
>>>>> The document was written to take a "baby steps" approach of getting
>>>>> one feature/function working at a time to make it easier to understand
>>>>> what's going on and to diagnose problems. You've jumped ahead several
>>>>> steps, which you can of course do, but you might want to go back and
>>>>> review
>>>>> earlier sections to make sure you have performed all the configuration
>>>>> steps that the later sections assume have been done.
>>>>>
>>>>> BUT... to try and get what you already have working, I think these
>>>>> steps should get you most of the way there:
>>>>>
>>>>> 1. Open the server firewall to allow TCP connections on Port 443.
>>>>>
>>>>> 2. If you haven't already done so, create/obtain a TLS/SSL certificate
>>>>> and install it in Tomcat's keystore.
>>>>>
>>>>> 3. Adjust cas.properties to contain:
>>>>>
>>>>> cas.server.name = https://scna-cas.cna.org.br:8443
>>>>> cas.server.prefix = ${cas.server.name}/cas
>>>>>
>>>>>
>>>>> 4. Change the service registry file for the dashboard to contain
>>>>>
>>>>> "serviceId" : "^
>>>>> https://scna-cas.cna.org.br:8443/cas/status/dashboard(\\z|/.*)",
>>>>>
>>>>>
>>>>> 5. Change the service registry file for the management webapp to
>>>>> contain
>>>>>
>>>>> "serviceId" : "^
>>>>> https://scna-cas.cna.org.br:8443/cas-management(\\z|/.*)",
>>>>>
>>>>>
>>>>> 6. Direct your web browser (or curl) to
>>>>>
>>>>> https://scna-cas.cna.org.br:8443/cas/status
>>>>> https://scna-cas.cna.org.br:8443/cas/status/dashboard
>>>>> https://scna-cas.cna.org.br:8443/cas-management
>>>>>
>>>>>
>>>>>
>>>>> If that still doesn't work, it honestly might be easier to go back and
>>>>> work step-by-step from the beginning. Instructions (as well as examples
>>>>> you
>>>>> can copy-and-paste to edit) for creating service registry files without
>>>>> the
>>>>> webapp, etc. are all provided.
>>>>>
>>>>> You don't have to set up a load balancer or proxy (although that's the
>>>>> environment the document assumes); you can configure the firewall to
>>>>> forward 443 to 8443 instead with something like
>>>>>
>>>>> firewall-cmd --permanent
>>>>> --add-forward-port=port=443:proto=tcp:toport=8443
>>>>>
>>>>>
>>>>> or you can configure Tomcat to do it.
>>>>>
>>>>> --Dave
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> DAVID A. CURRY, CISSP
>>>>> *DIRECTOR OF INFORMATION SECURITY*
>>>>> INFORMATION TECHNOLOGY
>>>>>
>>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>>>> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
>>>>> +1 212 229-5300 x4728 • [email protected]
>>>>>
>>>>> [image: The New School]
>>>>>
>>>>> On Fri, Feb 2, 2018 at 12:05 PM, Carlos Eduardo Santos <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Yes David, I'm following the steps of your documentation and yes, I
>>>>>> did not do the loadbalance part.
>>>>>>
>>>>>> I could not create other services, these two mentioned would be the
>>>>>> basic for me to try to create others through the web interface.
>>>>>> David, without the loadbalance you say that the services would have
>>>>>> to stay this way?
>>>>>>
>>>>>> {
>>>>>> "@class": "org.apereo.cas.services.RegexRegisteredService",
>>>>>> "serviceId": "^ https: //scna-cas.cna.org.br: 8443 /
>>>>>> cas-management (\\ z | /.*)",
>>>>>> "name": "CAS Services Management",
>>>>>> "id": 1517578442,
>>>>>> "description": "CAS services management webapp",
>>>>>> "evaluationOrder": 5500
>>>>>> }
>>>>>>
>>>>>> would have to change in cas.properties the server to
>>>>>> cas.server.name = scna-cas.cna.org.br: 8443
>>>>>>
>>>>>> I tried with the change of service in the way above and it did not
>>>>>> work too.
>>>>>>
>>>>>> below from the netstat command.
>>>>>>
>>>>>> Proto Recv-Q Send-Q Local Address Foreign Address
>>>>>> State PID/Program name
>>>>>> tcp 0 0 0.0.0.0:22 0.0.0.0:*
>>>>>> LISTEN 1193/sshd
>>>>>> tcp 0 0 127.0.0.1:25 0.0.0.0:*
>>>>>> LISTEN 1902/master
>>>>>> tcp6 0 0 :::22 :::*
>>>>>> LISTEN 1193/sshd
>>>>>> tcp6 0 0 ::1:25 :::*
>>>>>> LISTEN 1902/master
>>>>>> tcp6 0 0 :::8443 :::*
>>>>>> LISTEN 19813/jsvc.exec
>>>>>>
>>>>>> Em sexta-feira, 2 de fevereiro de 2018 13:22:23 UTC-2, David Curry
>>>>>> escreveu:
>>>>>>>
>>>>>>> Carlos,
>>>>>>>
>>>>>>> Can you confirm that your CAS server is otherwise working -- you can
>>>>>>> use it to authenticate other services besides the dashboard and
>>>>>>> services
>>>>>>> management webapp? Or is nothing working?
>>>>>>>
>>>>>>> If you are getting ERR_CONN_REFUSED, then your client (browser or
>>>>>>> whatever) is trying to connect to a host/port where nothing is
>>>>>>> listening.
>>>>>>> What do you see if you run
>>>>>>>
>>>>>>> sudo netstat -plnt
>>>>>>>
>>>>>>>
>>>>>>> on the CAS server?
>>>>>>>
>>>>>>> Based on some of your settings, it looks like perhaps you're
>>>>>>> following the steps in my "Deploying Apereo CAS" documentation. Is that
>>>>>>> the
>>>>>>> case? And if it is, did you follow the document from the beginning,
>>>>>>> including setting up a load balancer in front of the server?
>>>>>>>
>>>>>>> Because by default, Tomcat/CAS listens on port 8443 (not 443). My
>>>>>>> document installs a load balancer in front of multiple CAS servers; the
>>>>>>> load balancer listens on port 443 and connects to a CAS server on port
>>>>>>> 8443. If you skipped over the part about installing a load balancer (or
>>>>>>> a
>>>>>>> proxy) to do the 443->8443 translation, then your CAS server URLs
>>>>>>> should
>>>>>>> start with
>>>>>>>
>>>>>>> https://scna-cas.cna.org.br*:8443*/cas/....
>>>>>>>
>>>>>>>
>>>>>>> (Or you could change the Tomcat configuration to listen on port 443
>>>>>>> instead of 8443.)
>>>>>>>
>>>>>>> --Dave
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> DAVID A. CURRY, CISSP
>>>>>>> *DIRECTOR OF INFORMATION SECURITY*
>>>>>>> INFORMATION TECHNOLOGY
>>>>>>>
>>>>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>>>>>> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
>>>>>>> +1 212 229-5300 x4728 • [email protected]
>>>>>>>
>>>>>>> [image: The New School]
>>>>>>>
>>>>>>> On Fri, Feb 2, 2018 at 9:56 AM, Carlos Eduardo Santos <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> I'm using https on all files, as can be seen below
>>>>>>>> Do you have any records that I can see if the service registry is
>>>>>>>> working properly?
>>>>>>>>
>>>>>>>>
>>>>>>>> CASServiceManagement-1517578442.json
>>>>>>>>
>>>>>>>> {
>>>>>>>> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>>>>>> "serviceId" : "^
>>>>>>>> https://scna-cas.cna.org.br/cas-management(\\z|/.*)",
>>>>>>>> "name" : "CAS Services Management",
>>>>>>>> "id" : 1517578442,
>>>>>>>> "description" : "CAS services management webapp",
>>>>>>>> "evaluationOrder" : 5500
>>>>>>>> }
>>>>>>>>
>>>>>>>> CASAdminDashboard-1517507674.json
>>>>>>>> {
>>>>>>>> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>>>>>> "serviceId" : "^
>>>>>>>> https://scna-cas.cna.org.br/cas/status/dashboard(\\z|/.*)",
>>>>>>>> "name" : "CAS Admin Dashboard",
>>>>>>>> "id" : 1517507674,
>>>>>>>> "description" : "CAS dashboard and administrative endpoints",
>>>>>>>> "evaluationOrder" : 5000
>>>>>>>> }
>>>>>>>>
>>>>>>>> Em sexta-feira, 2 de fevereiro de 2018 12:37:10 UTC-2, David Curry
>>>>>>>> escreveu:
>>>>>>>>>
>>>>>>>>> The dashboard and cas-management are two completely different
>>>>>>>>> things; I suggest focusing on one at a time.
>>>>>>>>>
>>>>>>>>> If you're getting ERR_CONNECTION_REFUSED, that means there is
>>>>>>>>> nothing listening on the server/port you're trying to connect to.
>>>>>>>>>
>>>>>>>>> Are you using HTTPS or HTTP?
>>>>>>>>>
>>>>>>>>> The config file you posted before had "http", but your service
>>>>>>>>> registry has "https". You need to be using the same thing everywhere,
>>>>>>>>> and
>>>>>>>>> then connecting to the right port.
>>>>>>>>>
>>>>>>>>> --Dave
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> DAVID A. CURRY, CISSP
>>>>>>>>> *DIRECTOR OF INFORMATION SECURITY*
>>>>>>>>> INFORMATION TECHNOLOGY
>>>>>>>>>
>>>>>>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>>>>>>>> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
>>>>>>>>> +1 212 229-5300 x4728 • [email protected]
>>>>>>>>>
>>>>>>>>> [image: The New School]
>>>>>>>>>
>>>>>>>>> On Fri, Feb 2, 2018 at 9:32 AM, Carlos Eduardo Santos <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi David,
>>>>>>>>>> I can only have the / status /
>>>>>>>>>> now the dashboard and cas-management are giving error
>>>>>>>>>> "ERR_CONNECTION_REFUSED" I have the firewalld disabled and SELINUX
>>>>>>>>>> tbm so I
>>>>>>>>>> have no problem with that.
>>>>>>>>>> I can not identify where the mistake is.
>>>>>>>>>> - cas-management.log is not registering anything.
>>>>>>>>>> - The admusers.properties file is with the 2 users below.
>>>>>>>>>> gnarls = passwordnotused, ROLE_ADMIN
>>>>>>>>>> carlos.alves = passwordnotused, ROLE_ADMIN
>>>>>>>>>> - The CASAdminDashboard-1517507674.json service is as described
>>>>>>>>>> below.
>>>>>>>>>> "@class": "org.apereo.cas.services.RegexRegisteredService",
>>>>>>>>>> "serviceId": "^ https: //
>>>>>>>>>> scna-cas.cna.org.br/cas/status/dashboard (\\ z | /.*)",
>>>>>>>>>> "name": "CAS Admin Dashboard",
>>>>>>>>>> "id": 1517507674,
>>>>>>>>>> "description": "CAS dashboard and administrative endpoints",
>>>>>>>>>> "evaluationOrder": 5000
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Em sexta-feira, 2 de fevereiro de 2018 11:30:27 UTC-2, David
>>>>>>>>>> Curry escreveu:
>>>>>>>>>>
>>>>>>>>>>> Carlos,
>>>>>>>>>>>
>>>>>>>>>>> The only mistake I see here is that on the second line,
>>>>>>>>>>> cas.server.prefix should be getting set to ${cas.server.name
>>>>>>>>>>> }/cas, not ${server.name}/cas.
>>>>>>>>>>>
>>>>>>>>>>> As for the adminPages configuration, based on what you've
>>>>>>>>>>> provided, you should be able to access
>>>>>>>>>>>
>>>>>>>>>>> http[s]://your.cas.server/cas/status
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> from any IP address in 10.1.3.0/24 or from 10.1.0.10, or from
>>>>>>>>>>> 10.1.0.20. You should be able to do this using either a web browser
>>>>>>>>>>> or even
>>>>>>>>>>> just curl, without any further authentication required, and get
>>>>>>>>>>> a small plain-text page back that contains the server status,
>>>>>>>>>>> version, etc.
>>>>>>>>>>> The result should look something like this:
>>>>>>>>>>>
>>>>>>>>>>> % curl https://casdev.newschoool.edu/cas/status
>>>>>>>>>>>
>>>>>>>>>>> Health: OK
>>>>>>>>>>>
>>>>>>>>>>> 1.SessionMonitor: OK - 1 sessions. 0 service tickets.
>>>>>>>>>>>
>>>>>>>>>>> 2.MemoryMonitor: OK - 1452.29MB free (79.77%), 368.32MB used,
>>>>>>>>>>> 1820.61MB total.
>>>>>>>>>>>
>>>>>>>>>>> Host: casdev-srv01
>>>>>>>>>>> Server: https://casdev.newschool.edu
>>>>>>>>>>> Version: 5.2.2
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Does that part work? If so, move on to the next part. If not,
>>>>>>>>>>> set <Property name="cas.log.level" >*debug*</Property> near the
>>>>>>>>>>> top of log4j2.xml, restart the server, and check cas.log.
>>>>>>>>>>>
>>>>>>>>>>> If the above is working, then you should also be able to access
>>>>>>>>>>>
>>>>>>>>>>> http[s]://your.cas.server/cas/status/dashboard
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> and have the CAS login page appear. Don't forget that in order
>>>>>>>>>>> for this to work, you need to create an entry in the service
>>>>>>>>>>> registry for
>>>>>>>>>>> the dashboard URL:
>>>>>>>>>>>
>>>>>>>>>>> "serviceId" : "^
>>>>>>>>>>> https://your.cas.server/cas/status/dashboard(\\z|/.*)",
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Does that part work? If so, move on to the next part. If not,
>>>>>>>>>>> it's probably a service registry problem.
>>>>>>>>>>>
>>>>>>>>>>> If the above is working, then you should authenticate to the CAS
>>>>>>>>>>> server as a user you've listed in admusers.properties. This
>>>>>>>>>>> file should have lines like
>>>>>>>>>>>
>>>>>>>>>>> username=passwordnotused,ROLE_ADMIN
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Where username is the user's LDAP user name (sAMAccountName in
>>>>>>>>>>> your setup). The user should use his/her LDAP password.
>>>>>>>>>>>
>>>>>>>>>>> Does that part work? If not, check the debug logs, or report
>>>>>>>>>>> back here with the error message(s) you're seeing.
>>>>>>>>>>>
>>>>>>>>>>> Good luck,
>>>>>>>>>>> --Dave
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>>
>>>>>>>>>>> DAVID A. CURRY, CISSP
>>>>>>>>>>> *DIRECTOR OF INFORMATION SECURITY*
>>>>>>>>>>> INFORMATION TECHNOLOGY
>>>>>>>>>>>
>>>>>>>>>>> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
>>>>>>>>>>> <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g>
>>>>>>>>>>> +1 212 229-5300 x4728 • [email protected]
>>>>>>>>>>>
>>>>>>>>>>> [image: The New School]
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Feb 2, 2018 at 7:54 AM, Carlos Eduardo Santos <
>>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> / status / dashborad - Page not found.
>>>>>>>>>>>> Hello everyone, I have been trying to configure the CAS server
>>>>>>>>>>>> for a few days (following all the information from "the new
>>>>>>>>>>>> school"). The
>>>>>>>>>>>> information is very clear, but I could not access anything ahead
>>>>>>>>>>>> of /
>>>>>>>>>>>> status /.
>>>>>>>>>>>> To the status page I can visualize the dashboard, for example,
>>>>>>>>>>>> nothing.
>>>>>>>>>>>> Below the configuration of cas.properties
>>>>>>>>>>>>
>>>>>>>>>>>> cas.server.name = http: // xxxxxxxxxxxxxx
>>>>>>>>>>>> cas.server.prefix = $ {server.name} / cas
>>>>>>>>>>>> cas.tgc.secure = true
>>>>>>>>>>>> cas.tgc.encryptionKey =
>>>>>>>>>>>> DCETkZ33-A7TETvjgZ24J_o2xQkyQxc0FCFa725ubnY
>>>>>>>>>>>> cas.tgc.signingKey =
>>>>>>>>>>>> 8y-RtN0Ny3VF9DAkNQPvIeXXkHtTetFu9bEcG5G7F95ckmSdvE9ZdMSbVCRvBEmwJv_Bbr7wBIfsCrXdo-IytQ
>>>>>>>>>>>> cas.webflow.crypto.signing.key =
>>>>>>>>>>>> J4qjH74TlZY5Ic6GTnblZbwKN4Ye1mBuMEr-a3_DNpakNbmkX0LUmXGQ30oetbf8N_dNXsG_rdjWyXUOen1mEA
>>>>>>>>>>>> cas.webflow.crypto.encryption.key = dE1URfP5K6nvFtnUgBppQw ==
>>>>>>>>>>>> cas.authn.accept.users =
>>>>>>>>>>>> logging.config = file: /etc/cas/config/log4j2.xml
>>>>>>>>>>>> cas.serviceRegistry.config.location = file: / etc / cas /
>>>>>>>>>>>> services
>>>>>>>>>>>> cas.authn.accept.users =
>>>>>>>>>>>> cas.authn.ldap [0] .order = 0
>>>>>>>>>>>> cas.authn.ldap [0] .name = Active Directory
>>>>>>>>>>>> cas.authn.ldap [0] .type = AUTHENTICATED
>>>>>>>>>>>> cas.authn.ldap [0] .ldapUrl = ldap: //10.1.0.48:389
>>>>>>>>>>>> cas.authn.ldap [0] .userFilter = sAMAccountName = {user}
>>>>>>>>>>>> cas.authn.ldap [0] .useSsl = false
>>>>>>>>>>>> cas.authn.ldap [0] .baseDn = OU = CNANET, DC = cna, DC = org,
>>>>>>>>>>>> DC = br
>>>>>>>>>>>> cas.authn.ldap [0] .dnFormat = uid =% s, ou = people, dc =
>>>>>>>>>>>> example, dc = org
>>>>>>>>>>>> cas.authn.ldap [0] .subtreeSearch = true
>>>>>>>>>>>> cas.authn.ldap [0] .bindDn = cn = xxxxx, cn = Users, dc = xxx,
>>>>>>>>>>>> dc = org, dc = br
>>>>>>>>>>>> cas.authn.ldap [0] .bindCredential = xxxxxxx
>>>>>>>>>>>> cas.adminPagesSecurity.actuatorEndpointsEnabled = true
>>>>>>>>>>>> cas.monitor.endpoints.enabled = true
>>>>>>>>>>>> endpoints.enabled = true
>>>>>>>>>>>> cas.adminPagesSecurity.ip = ^ 10 \\. 1 \\. (3 \\. [0-9] {1,3} |
>>>>>>>>>>>> 0 \\. [12] 0) $
>>>>>>>>>>>> cas.monitor.endpoints.sensitive = false
>>>>>>>>>>>> endpoints.sensitive = false
>>>>>>>>>>>> cas.adminPagesSecurity.loginUrl = $ {cas.server.prefix} / login
>>>>>>>>>>>> cas.adminPagesSecurity.service = $ {cas.server.prefix} / status
>>>>>>>>>>>> / dashboard
>>>>>>>>>>>> cas.adminPagesSecurity.users = file:
>>>>>>>>>>>> /etc/cas/config/admusers.properties
>>>>>>>>>>>> cas.adminPagesSecurity.adminRoles [0] = ROLE_ADMIN
>>>>>>>>>>>> ##############
>>>>>>>>>>>> I'm trying to free cas.adminPagesSecurity.ip for the
>>>>>>>>>>>> 10.1.3.0/24 network. but I do not know if that's the right way.
>>>>>>>>>>>> I've tried to follow another topic that talks about it but
>>>>>>>>>>>> without success.
>>>>>>>>>>>> Please, can someone help me !!!
>>>>>>>>>>>> Thank you.
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> - Website: https://apereo.github.io/cas
>>>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>>>>>>>> ---
>>>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>>>> Google Groups "CAS Community" group.
>>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from
>>>>>>>>>>>> it, send an email to [email protected].
>>>>>>>>>>>> To view this discussion on the web visit
>>>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/aeed34f4-003b-45ed-9221-264c6f45ea04%40apereo.org
>>>>>>>>>>>>
>>>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/aeed34f4-003b-45ed-9221-264c6f45ea04%40apereo.org?utm_medium=email&utm_source=footer>
>>>>>>>>>>>> .
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>> - Website: https://apereo.github.io/cas
>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>>>>>> ---
>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>> Google Groups "CAS Community" group.
>>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>>> send an email to [email protected].
>>>>>>>>>> To view this discussion on the web visit
>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/a015990e-68d9-4477-992b-fc2d2c19040d%40apereo.org
>>>>>>>>>>
>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/a015990e-68d9-4477-992b-fc2d2c19040d%40apereo.org?utm_medium=email&utm_source=footer>
>>>>>>>>>> .
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>> - Website: https://apereo.github.io/cas
>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>>>> ---
>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>> Groups "CAS Community" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>> send an email to [email protected].
>>>>>>>> To view this discussion on the web visit
>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/67740b15-321a-4baf-b2ad-1f981c399c0d%40apereo.org
>>>>>>>>
>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/67740b15-321a-4baf-b2ad-1f981c399c0d%40apereo.org?utm_medium=email&utm_source=footer>
>>>>>>>> .
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>> - Website: https://apereo.github.io/cas
>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "CAS Community" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to [email protected].
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6a2e1a7a-3d75-481e-9e24-487d7aea8a5e%40apereo.org
>>>>>>
>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/6a2e1a7a-3d75-481e-9e24-487d7aea8a5e%40apereo.org?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>>
>>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/17a504b3-1be5-4adc-a63a-3df2c70029a7%40apereo.org
>>>>
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/17a504b3-1be5-4adc-a63a-3df2c70029a7%40apereo.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/8af99ef5-6027-4581-8521-1d9e5105cd62%40apereo.org
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/8af99ef5-6027-4581-8521-1d9e5105cd62%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/69723a80-1b26-4bdd-be35-a0be66a2c003%40apereo.org.
org.pac4j.core.exception.TechnicalException: java.lang.RuntimeException:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:168)
at
org.pac4j.springframework.web.SecurityInterceptor.preHandle(SecurityInterceptor.java:65)
at
org.pac4j.springframework.web.SecurityInterceptor$$FastClassBySpringCGLIB$$efdcf9fe.invoke(<generated>)
at
org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at
org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at
org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
at
org.pac4j.springframework.web.SecurityInterceptor$$EnhancerBySpringCGLIB$$c69a58dd.preHandle(<generated>)
at
org.apereo.cas.config.CasSecurityContextConfiguration$CasAdminStatusInterceptor.preHandle(CasSecurityContextConfiguration.java:155)
at
org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:133)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:962)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:28)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:245)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:110)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:93)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115)
at
org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59)
at
org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at
org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:286)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at
org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:69)
at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:443)
at
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
at
org.pac4j.cas.credentials.authenticator.CasAuthenticator.validate(CasAuthenticator.java:61)
at
org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:68)
at
org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:37)
at
org.pac4j.core.client.DirectClient.getCredentials(DirectClient.java:44)
at
org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:113)
... 89 more
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:431)
... 96 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:260)
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 109 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 115 more
