Hi, provided you've got setup CAS and its certificate correctly, did you check that your Java client application really uses the truststore file located at "C:\Program Files\Java\jdk-17\lib\security\cacerts"? You can do that by adding the following JVM option (system property) when starting the Java application: "-Djavax.net.debug=trustmanager" (or "-Djavax.net.debug=all", but that will output MUCH more lines).
On Wednesday, 21 June 2023 at 17:01:53 UTC+2 Ray Bon wrote: > The backend communication between cas and the client needs to be https, > even if the browser URL is http. > > Check tomcat config (or whatever container you are using), which also > needs to know about the cert. > I have this in server.xml on my laptop: > > <Connector port="8443" > protocol="org.apache.coyote.http11.Http11NioProtocol" > maxThreads="150" SSLEnabled="true" scheme="https" secure="true" > keystorePass="password" > keystoreFile="/etc/ssl/certs/thekeystore" clientAuth="false" > sslProtocol="TLS"> > </Connector> > > Ray > > On Mon, 2023-06-19 at 04:43 -0700, fasr favk wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > Hello, my cas server is working fine, but when i try to log in to my cas > client application with spring boot , it gives this error : > "PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target..." > > i already imported my cas.crt to cacerts in my jdk 17. with keytool: > *keytool -import -file "C:\etc\cas\cas.crt" -alias cas -keystore > "C:\Program Files\Java\jdk-17\lib\security\cacerts"* > NB: after refreshing my cas server i can see myself logged in with cas > client, and am using ldap for auth > [image: err.png] > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4766caf2-506f-41e0-8756-d4f09d2f7eb9n%40apereo.org.
