> org.jasig.cas.client.validation.Cas20ServiceTicketValidator] > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target
You need to install your CAS server cert into the _system_ keystore. That's $JRE_HOME/lib/security/cacerts by default. You can override the default for a JVM using the -Djava.net.keyStore flag. > When I log into the portal, everything is fine. When I go to the page with > the application embedded, I see the above. I have and have double checked > that I have the certificate in the java cacerts and in jboss' keystore file. This is a point of confusion for _many_ folks. The keystore used by JBoss for the SSL connectors in the underlying Tomcat servlet engine has nothing to do with the JVM keystore used by the CAS client for talking SSL. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
