Its not a matter of CAS running over HTTPS. Your Services Management tool is using validating its ticket against your CAS server, which is running over IIS (and HTTPS). Your JVM's cacerts file that the CAS server is running under is most likely missing the certificate that you're fronting your CAS server with (if its not a Commercial cert).
-Scott On Sat, Mar 7, 2009 at 1:18 PM, Pieslak, Brian <[email protected]> wrote: > Hi, > I'm using CAS 3.2.1 on Tomcat 5.5 running behind IIS 6.0 (using Jakarta > Isapi_redirector). > Everything has been working beautifully for Single Sign On, and now I'm > working on Single Sign Out and I'm having a LOT of problems getting the > Service Management interface to load. > When accessing https://localhost:8443/cas/services and logging in, I am > getting the dreaded: "sun.security.validator.ValidatorException: PKIX path > building failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target." error. > > I have been trying to work through this, and I'm really struggling. So > I was hoping to take a slighly different approach. > > Since I'm running CAS behind IIS, and I'm running IIS over SSL, is it > possible to turn remove the HTTPS requirement for CAS? If I could run my > IIS webserver over HTTPS and then connect to CAS using the Jakarta > Isapi_redirector over HTTP that would eliminate a LOT of complexity for me. > > If that's not possible, I'll definitely need some help getting past the > ValidatorException. I have been reading all of the CAS wiki articles and > java on SSL issues specifically for this issue, and I just can't seem to > figure out what I'm doing wrong. > > Thanks, > -Brian > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
