Thank you that was helpful, my app was using the wrong trustore On Sunday, July 2, 2023 at 12:46:27 PM UTC+1 [email protected] wrote:
> Hi, provided you've got setup CAS and its certificate correctly, did you > check that your Java client application really uses the truststore file > located at "C:\Program Files\Java\jdk-17\lib\security\cacerts"? You can do > that by adding the following JVM option (system property) when starting the > Java application: "-Djavax.net.debug=trustmanager" (or > "-Djavax.net.debug=all", but that will output MUCH more lines). > > On Wednesday, 21 June 2023 at 17:01:53 UTC+2 Ray Bon wrote: > >> The backend communication between cas and the client needs to be https, >> even if the browser URL is http. >> >> Check tomcat config (or whatever container you are using), which also >> needs to know about the cert. >> I have this in server.xml on my laptop: >> >> <Connector port="8443" >> protocol="org.apache.coyote.http11.Http11NioProtocol" >> maxThreads="150" SSLEnabled="true" scheme="https" secure="true" >> keystorePass="password" >> keystoreFile="/etc/ssl/certs/thekeystore" clientAuth="false" >> sslProtocol="TLS"> >> </Connector> >> >> Ray >> >> On Mon, 2023-06-19 at 04:43 -0700, fasr favk wrote: >> >> Notice: This message was sent from outside the University of Victoria >> email system. Please be cautious with links and sensitive information. >> >> >> Hello, my cas server is working fine, but when i try to log in to my cas >> client application with spring boot , it gives this error : >> "PKIX path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target..." >> >> i already imported my cas.crt to cacerts in my jdk 17. with keytool: >> *keytool -import -file "C:\etc\cas\cas.crt" -alias cas -keystore >> "C:\Program Files\Java\jdk-17\lib\security\cacerts"* >> NB: after refreshing my cas server i can see myself logged in with cas >> client, and am using ldap for auth >> [image: err.png] >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6d946bb7-880b-4157-8b7c-ba6da213ceben%40apereo.org.
