15:33:51,989 ERROR [Cas20ServiceTicketValidator] * javax.net.ssl.SSLHandshakeException*: * sun.security.validator.ValidatorException*: PKIX path building failed: * sun.security.provider.certpath.SunCertPathBuilderException*: unable to find valid certification path to requested target
That's the exception from the client saying it doesn't trust the server.

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Feb 26, 2009 at 4:58 PM, Bruno Melloni <[email protected]> wrote:

> I got CAS and a first application that uses it working on Tomcat 6. I am now trying to move them to jBoss and having problems with the certificates.
>
> When I installed for Tomcat, I used the instructions in step 2 of http://www.ja-sig.org/wiki/display/CASUM/Demo. Worked beautifully. HTTPS worked, CAS recognized it, and everything worked great.
>
> With jBoss I first discovered that the approach above puts the private key in the Java keystore, and the exported/imported public key in the Tomcat keystore. jBoss doesn’t like that approach. It wants the private key in its keystore and does not seem to rely on an exported/imported public key.
>
> - I gave jBoss what it wanted by adding “-keystore <jboss>/conf/server.keystore” to the example line that has the -genkey.
> - jBoss now handles HTTPS just fine.
> - CAS didn’t like that.
>
> Here is what happens:
>
> - The server starts fine, no errors.
> - I start the application. Fine, no errors.
> - I go to a secure page. CAS correctly intercepts and reroutes to the login screen.
> - I enter the username and password and hit OK.
> - In the logs I see a debug entry from my custom AuthenticationHandler that indicates the authentication was successful.
> - In the logs I also see a CAS message saying that a ticket was granted for service [https://<myServer>:8443/sso/j_spring_cas_security_check]
> - Immediately after, where I presume that CAS is trying to make the callback to my application, I get the exception:
>
> 15:33:51,989 ERROR [Cas20ServiceTicketValidator] * javax.net.ssl.SSLHandshakeException*: * sun.security.validator.ValidatorException*: PKIX path building failed: * sun.security.provider.certpath.SunCertPathBuilderException*: unable to find valid certification path to requested target
>
> It seems like I’m very close, but missing a critical. Any ideas?
>
> Thanks,
>
> b.
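
Added example, not part of the original thread and not code from CAS or JBoss: a small offline check of whether the JVM running the CAS client trusts the certificate held in the server keystore, which is the condition behind the "PKIX path building failed" error above. The class name TrustCheck and its three arguments (keystore path, store password, alias) are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
// Hypothetical helper (not part of CAS or JBoss): checks whether the JVM that
// runs the CAS client would trust the certificate stored in a server keystore.
public class TrustCheck {
    // Trust manager backed by the JVM default trust store: the file named by
    // -Djavax.net.ssl.trustStore if set, otherwise the JRE's cacerts.
    static X509TrustManager defaultTrustManager() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java TrustCheck <keystore> <storepass> <alias>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
        if (cert == null) {
            System.err.println("no certificate under alias " + args[2]);
            System.exit(2);
        }
        try {
            // authType only needs to be non-empty here; the key algorithm is used.
            defaultTrustManager().checkServerTrusted(
                new X509Certificate[] {cert}, cert.getPublicKey().getAlgorithm());
            System.out.println("TRUSTED: " + cert.getSubjectX500Principal());
        } catch (CertificateException e) {
            // A self-signed certificate that was never imported lands here.
            System.out.println("NOT TRUSTED: " + e.getMessage());
        }
    }
}
```

Run it with the same JVM and the same javax.net.ssl.trustStore settings as the application server, since the result depends on which trust store that JVM loads. It reports NOT TRUSTED for a self-signed certificate until that certificate has been imported into that trust store.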
