Thank you very much for the quick response, Scott. The issue was definitely in my JVM's cacerts file. I am using a local dev cert generated by keytool, and this article gave me the answer I needed: http://blogs.sun.com/andreas/entry/no_more_unable_to_find Of course, I realized I had misread a sentence in the bottom paragraph of that article, so it wasn't working for me yesterday.
I also found that my JVMs were a little mis-configured, since I have multiple JDKs and JREs installed on my laptop. In several of the CAS wiki pages there is the suggestion of "If all else fails, reinstall your JRE, CAS, and Tomcat" and that was what I ultimately needed to do. Thanks again, -Brian ________________________________ From: Scott Battaglia [[email protected]] Sent: Saturday, March 07, 2009 1:37 PM To: [email protected] Subject: Re: [cas-user] turn off HTTPS for CAS when running behind IIS ? Its not a matter of CAS running over HTTPS. Your Services Management tool is using validating its ticket against your CAS server, which is running over IIS (and HTTPS). Your JVM's cacerts file that the CAS server is running under is most likely missing the certificate that you're fronting your CAS server with (if its not a Commercial cert). -Scott On Sat, Mar 7, 2009 at 1:18 PM, Pieslak, Brian <[email protected]<mailto:[email protected]>> wrote: Hi, I'm using CAS 3.2.1 on Tomcat 5.5 running behind IIS 6.0 (using Jakarta Isapi_redirector). Everything has been working beautifully for Single Sign On, and now I'm working on Single Sign Out and I'm having a LOT of problems getting the Service Management interface to load. When accessing https://localhost:8443/cas/services and logging in, I am getting the dreaded: "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target." error. I have been trying to work through this, and I'm really struggling. So I was hoping to take a slighly different approach. Since I'm running CAS behind IIS, and I'm running IIS over SSL, is it possible to turn remove the HTTPS requirement for CAS? If I could run my IIS webserver over HTTPS and then connect to CAS using the Jakarta Isapi_redirector over HTTP that would eliminate a LOT of complexity for me. If that's not possible, I'll definitely need some help getting past the ValidatorException. I have been reading all of the CAS wiki articles and java on SSL issues specifically for this issue, and I just can't seem to figure out what I'm doing wrong. Thanks, -Brian -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
