If you haven't you should add your CAS Server's certificate to your local client JVM's cacerts file so that it trusts it.
Cheers, Scott On Wed, Apr 29, 2009 at 10:57 AM, inas inassen <[email protected]> wrote: > Thanks Andrew, > > this is my config: > > I have 2 certificates and private keys > > apache_cert.crt and apache_private.key > tomcat_cert.crt and tomcat_private.key > > my apache (ssl) is configured using apache_cert.crt and apache_private.key > SSLCertificateFile conf/ssl/apache_cert.crt > SSLCertificateKeyFile conf/ssl/apache_private.key > > my both tomcat instances are configured like this: > keystoreFile="/tomcats/ssl/tomcat.jks" keystorePass="tomcat" > truststoreFile="/tomcats/ssl/trusted.jks" truststorePass="tomcat" > > tomcat.jks contains tomcat_cert.crt and tomcat_private.key > trusted.jks contains apache_cert.crt, tomcat_cert.crt and others trusted > certificates. > > So what is wrong or is there something I missed in this config? > > Thanks again. > > Inas. > > ------------------------------ > Date: Wed, 29 Apr 2009 09:00:15 -0500 > From: [email protected] > Subject: Re: [cas-user] JA-SIG CAS client 3.1.3 error > To: [email protected] > > > Inas, > > It is a SSL issue where the CAS server’s SSL certificate is not trusted. I > would recommend ensuring that Apache HTTPD is configured to serve the > Intermediary CA certificate that issued your certificate if the Intermediary > is not within your CA certificate bundle. > > A- > > > > On 4/28/09 4:13 PM, "inas inassen" <[email protected]> wrote: > > Hi all, > > I'm using JA-SIG CAS Client 3.1.3 in my application that's is running on > one tomcat instance connected to apache 2.2.4. > I have another tomcat instance hosting CAS with CAS 3.0 web application and > it's connected also to the same apache. > > Every url goes via apache to my tomcats even for login. > > every thing works fine but when my login succeeds and the I'm forweded to > the my application I got the following error: > It seems like a certificate probleme, but when I ran each application alone > using ssl it works fine. > > please any idea? > > thanks. > > Inas. > > SEVERE: Servlet.service() for servlet jsp threw exception > org.jasig.cas.client.validation.TicketValidationException: The CAS server > returned no response. > at > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:181) > at > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > at > org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) > at > org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) > at > org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767) > at > org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697) > at > org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889) > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) > at java.lang.Thread.run(Thread.java:619) > [ERROR] [2009-04-28 16:47:20,397, 66266] [TP-Processor7] > [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] (?:?) - > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > at > com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) > at > com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123) > at > com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) > at > com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123) > at > com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107) > at > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166) > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977) > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) > at > org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:35) > at > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178) > at > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > at > org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) > at > org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) > at > org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767) > at > org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697) > at > org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889) > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) > at java.lang.Thread.run(Thread.java:619) > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) > at > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191) > at sun.security.validator.Validator.validate(Validator.java:218) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) > at > com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954) > ... 33 more > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174) > at > java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) > ... 39 more > [WARN ] [2009-04-28 16:47:20,397, 66266] [TP-Processor7] > [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] > (?:?) - org.jasig.cas.client.validation.TicketValidationException: The CAS > server returned no > response.org.jasig.cas.client.validation.TicketValidationException: The CAS > server returned no response. > at > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:181) > at > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) > at > org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) > at > org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) > at > org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767) > at > org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697) > at > org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889) > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) > at java.lang.Thread.run(Thread.java:619) > > > ------------------------------ > Téléchargez le nouveau Windows Live Messenger ! Téléchargez Messenger, > c'est gratuit ! > <http://get.live.com/messenger/overview><http://get.live.com/messenger/overview> > > > -- > Andrew Feller, Analyst > LSU University Information Services > 200 Frey Computing Services Center > Baton Rouge, LA 70803 > Office: 225.578.3737 > Fax: 225.578.6400 > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > ------------------------------ > Tous vos amis discutent sur Messenger, et vous ? Téléchargez Messenger, > c'est gratuit ! <http://get.live.com/messenger/overview> > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
