Thanks again for your responses guys. I already had it in the system cacerts 
(see original) but I had a configuration problem where I was pointing to the 
wrong validation url in web.xml. 


Bottom line is, it's working fine now. 


I would like to take a moment to say how very impressed I am with the activity 
and responsiveness in this community. I try not to ask for assistance any more 
than necessary, but it sure is great when it's there. 


Anyway, again thanks for the help and the patience! 


Gerald 

----- Original Message ----- 
From: "Marvin Addison" <[email protected]> 
To: [email protected] 
Sent: Thursday, June 25, 2009 2:51:12 PM GMT -06:00 US/Canada Central 
Subject: Re: [cas-user] SSO Not So SSO 

> org.jasig.cas.client.validation.Cas20ServiceTicketValidator] 
> javax.net.ssl.SSLHandshakeException: 
> sun.security.validator.ValidatorException: PKIX path building failed: 
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
> valid certification path to requested target 

You need to install your CAS server cert into the _system_ keystore. 
That's $JRE_HOME/lib/security/cacerts by default. You can override 
the default for a JVM using the -Djava.net.keyStore flag. 

> When I log into the portal, everything is fine. When I go to the page with 
> the application embedded, I see the above. I have and have double checked 
> that I have the certificate in the java cacerts and in jboss' keystore file. 

This is a point of confusion for _many_ folks. The keystore used by 
JBoss for the SSL connectors in the underlying Tomcat servlet engine 
has nothing to do with the JVM keystore used by the CAS client for 
talking SSL. 

M 

-- 
You are currently subscribed to [email protected] as: [email protected] 
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user 

