Glad you were able to get it working! I think we've all been bitten at one point or another of adding the certificate to the wrong JVM cacerts file.
-Scott On Sat, Mar 7, 2009 at 1:55 PM, Pieslak, Brian <[email protected]> wrote: > Thank you very much for the quick response, Scott. The issue was > definitely in my JVM's cacerts file. > I am using a local dev cert generated by keytool, and this article gave me > the answer I needed: > http://blogs.sun.com/andreas/entry/no_more_unable_to_find > Of course, I realized I had misread a sentence in the bottom paragraph of > that article, so it wasn't working for me yesterday. > > I also found that my JVMs were a little mis-configured, since I have > multiple JDKs and JREs installed on my laptop. > In several of the CAS wiki pages there is the suggestion of "If all else > fails, reinstall your JRE, CAS, and Tomcat" and that was what I ultimately > needed to do. > > Thanks again, > -Brian > > ------------------------------ > *From:* Scott Battaglia [[email protected]] > *Sent:* Saturday, March 07, 2009 1:37 PM > *To:* [email protected] > *Subject:* Re: [cas-user] turn off HTTPS for CAS when running behind IIS ? > > Its not a matter of CAS running over HTTPS. Your Services Management > tool is using validating its ticket against your CAS server, which is > running over IIS (and HTTPS). Your JVM's cacerts file that the CAS server > is running under is most likely missing the certificate that you're fronting > your CAS server with (if its not a Commercial cert). > > -Scott > > > On Sat, Mar 7, 2009 at 1:18 PM, Pieslak, Brian <[email protected]>wrote: > >> Hi, >> I'm using CAS 3.2.1 on Tomcat 5.5 running behind IIS 6.0 (using Jakarta >> Isapi_redirector). >> Everything has been working beautifully for Single Sign On, and now I'm >> working on Single Sign Out and I'm having a LOT of problems getting the >> Service Management interface to load. >> When accessing https://localhost:8443/cas/services and logging in, I >> am getting the dreaded: "sun.security.validator.ValidatorException: PKIX >> path building failed: >> sun.security.provider.certpath.SunCertPathBuilderException: unable to find >> valid certification path to requested target." error. >> >> I have been trying to work through this, and I'm really struggling. >> So I was hoping to take a slighly different approach. >> >> Since I'm running CAS behind IIS, and I'm running IIS over SSL, is it >> possible to turn remove the HTTPS requirement for CAS? If I could run my >> IIS webserver over HTTPS and then connect to CAS using the Jakarta >> Isapi_redirector over HTTP that would eliminate a LOT of complexity for me. >> >> If that's not possible, I'll definitely need some help getting past the >> ValidatorException. I have been reading all of the CAS wiki articles and >> java on SSL issues specifically for this issue, and I just can't seem to >> figure out what I'm doing wrong. >> >> Thanks, >> -Brian >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
